Topic: 1st time visitor trying to speed up computer

dave
« on: December 03, 2009, 11:54:32 PM »
Hi,
System is sluggish and 4 messages appear re: missing files.

Edit note:  attached files posted by Corrine

Logfile of random's system information tool 1.06 (written by random/random)
Run by david marks at 2009-12-03 16:44:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (25%) free of 78 GB
Total RAM: 255 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:26 PM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
C:\WINDOWS.000\SYSTEM32\rundll32.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS.000\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.000\system32\rundll32.exe
C:\Documents and Settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Runner.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.000\system32\wscntfy.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Download Files\RSIT.exe
C:\WINDOWS.000\msa.exe
C:\Program Files\Trend Micro\HijackThis\david marks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink Network, Inc.
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe dckp.suo printer
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 winsecurepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 winsecurepro2009.com
O1 - Hosts: 91.212.127.227 www.winsecurepro2009.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS.000\SYSTEM32\NZDD.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS.000\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [puqlvkku] C:\Documents and Settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\DAVIDM~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS.000\msa.exe
O4 - HKCU\..\Run: [puqlvkku] C:\Documents and Settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: scandisk.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Runner.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.000\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: Win32 Classes -
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258018013640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258017904753
O17 - HKLM\System\CCS\Services\Tcpip\..\{0357C02F-4361-42F5-BA08-4AC0AAF7B7BE}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0357C02F-4361-42F5-BA08-4AC0AAF7B7BE}: NameServer = 207.69.188.187 207.69.188.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS.000\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8741 bytes

======Scheduled tasks folder======

C:\WINDOWS.000\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
C:\WINDOWS.000\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1060284298-1957994488-1003Core.job
C:\WINDOWS.000\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-10 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-24 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBCDDA60-2A68-11D3-8A43-0060083CFB9C}]
BrowserHelper Class - C:\WINDOWS.000\SYSTEM32\NZDD.DLL [2001-03-05 1150976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-11 342600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"=C:\WINDOWS.000\system32\SysTray.Exe [2004-08-04 3072]
"NeroFilterCheck"=C:\WINDOWS.000\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2006-03-23 1398272]
"PVR Agent"=C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe [2004-05-10 730112]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2005-10-27 299008]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-17 185896]
"calc"=C:\WINDOWS.000\system32\calc.dll,_IWMPEvents@0 []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-12 2020120]
"puqlvkku"=C:\Documents and Settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"calc"=C:\DOCUME~1\DAVIDM~1\ntuser.dll,_IWMPEvents@0 []
"Google Update"=C:\Documents and Settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
"NordBull"=C:\WINDOWS.000\msa.exe [2009-11-04 120832]
"puqlvkku"=C:\Documents and Settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Runner.EXE
PowerReg Scheduler.exe

C:\Documents and Settings\david marks\Start Menu\Programs\Startup
PowerReg Scheduler.exe
scandisk.lnk - C:\WINDOWS.000\SYSTEM32\rundll32.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS.000\system32\avgrsstx.dll [2009-11-04 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.000\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS.000\System32\dpvsetup.exe"="C:\WINDOWS.000\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-03 16:44:11 ----D---- C:\rsit
2009-12-03 16:40:30 ----D---- C:\WINDOWS.000\ERDNT
2009-12-03 16:39:14 ----D---- C:\Program Files\ERUNT
2009-12-03 11:35:41 ----D---- C:\Program Files\Trend Micro
2009-11-20 15:55:18 ----SHD---- C:\FOUND.008
2009-11-19 16:36:30 ----D---- C:\WINDOWS.000\system32\LogFiles
2009-11-12 17:45:55 ----SHD---- C:\Config.Msi
2009-11-12 17:39:49 ----D---- C:\WINDOWS.000\system32\XPSViewer
2009-11-12 17:39:39 ----D---- C:\Program Files\MSBuild
2009-11-12 17:39:24 ----D---- C:\Program Files\Reference Assemblies
2009-11-12 17:38:23 ----N---- C:\WINDOWS.000\system32\prntvpt.dll
2009-11-12 17:38:22 ----N---- C:\WINDOWS.000\system32\xpsshhdr.dll
2009-11-12 17:38:20 ----N---- C:\WINDOWS.000\system32\xpssvcs.dll
2009-11-12 17:38:19 ----D---- C:\f8f68a9cc0a6807ddf
2009-11-12 17:12:49 ----A---- C:\WINDOWS.000\system32\wuapi.dll.mui
2009-11-12 17:07:04 ----A---- C:\WINDOWS.000\system32\wmpns.dll
2009-11-12 17:03:24 ----D---- C:\WINDOWS.000\Prefetch
2009-11-12 04:15:19 ----A---- C:\WINDOWS.000\setuplog.txt
2009-11-12 04:07:45 ----D---- C:\WINDOWS.000\system32\en-us
2009-11-12 04:07:40 ----D---- C:\WINDOWS.000\system32\scripting
2009-11-12 04:07:25 ----D---- C:\WINDOWS.000\l2schemas
2009-11-12 04:07:23 ----D---- C:\Program Files\msn
2009-11-12 04:07:22 ----D---- C:\WINDOWS.000\system32\en
2009-11-12 04:07:21 ----D---- C:\WINDOWS.000\system32\bits
2009-11-12 03:53:16 ----D---- C:\WINDOWS.000\ServicePackFiles
2009-11-12 03:43:38 ----D---- C:\WINDOWS.000\network diagnostic
2009-11-12 03:22:36 ----HD---- C:\WINDOWS.000\$NtServicePackUninstall$
2009-11-12 01:27:48 ----A---- C:\WINDOWS.000\system32\wucltui.dll.mui
2009-11-12 01:27:47 ----A---- C:\WINDOWS.000\system32\wuaueng.dll.mui
2009-11-06 10:56:48 ----SHD---- C:\FOUND.007
2009-11-04 23:49:00 ----HD---- C:\$AVG
2009-11-04 23:37:52 ----A---- C:\WINDOWS.000\system32\avgrsstx.dll
2009-11-04 23:36:22 ----D---- C:\Program Files\AVG
2009-11-04 23:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-04 23:28:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-04 22:51:56 ----A---- C:\WINDOWS.000\msa.exe
2009-11-04 22:51:30 ----D---- C:\Documents and Settings\All Users\Application Data\53581628

======List of files/folders modified in the last 1 months======

2009-12-03 11:47:02 ----A---- C:\WINDOWS.000\SchedLog.Txt
2009-12-01 17:18:02 ----A---- C:\WINDOWS.000\ModemLog_Standard 56000 bps Modem #2.txt
2009-12-01 17:17:56 ----A---- C:\WINDOWS.000\ModemLog_Standard 56000 bps Modem.txt
2009-12-01 14:48:14 ----A---- C:\WINDOWS.000\IMGFOLIO.INI
2009-12-01 14:47:38 ----A---- C:\WINDOWS.000\PLFILE.INI
2009-11-29 22:01:02 ----A---- C:\WINDOWS.000\NeroDigital.ini
2009-11-17 13:17:42 ----A---- C:\WINDOWS.000\U3DEDIT3.INI
2009-11-12 17:48:26 ----A---- C:\WINDOWS.000\system32\PerfStringBackup.INI
2009-11-12 17:05:16 ----A---- C:\WINDOWS.000\OEWABLog.txt
2009-11-12 17:04:50 ----A---- C:\WINDOWS.000\Reg Save Log.txt
2009-11-04 22:45:54 ----SH---- C:\boot.ini
2009-11-04 22:45:54 ----A---- C:\WINDOWS.000\win.ini
2009-11-04 22:45:54 ----A---- C:\WINDOWS.000\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS.000\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS.000\System32\Drivers\avgldx86.sys [2009-11-04 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS.000\System32\Drivers\avgmfx86.sys [2009-11-04 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS.000\System32\Drivers\avgtdix.sys [2009-11-10 360584]
R1 InCDPass;InCDPass; C:\WINDOWS.000\System32\DRIVERS\InCDPass.sys [2006-03-23 29440]
R1 incdrm;InCD Reader; C:\WINDOWS.000\system32\drivers\incdrm.sys [2006-03-23 33536]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS.000\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 Nsynas32;Nsynas32; C:\WINDOWS.000\system32\drivers\Nsynas32.sys [2000-06-16 17784]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS.000\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS.000\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS.000\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS.000\system32\DRIVERS\ati2mtaa.sys [2001-09-26 285088]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS.000\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 mf;mf; C:\WINDOWS.000\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 motubus;MOTU Audio MIDI Extension; C:\WINDOWS.000\system32\drivers\MotuBus.sys [2003-07-10 15488]
R3 MotuMidi;MOTU MIDI Device; C:\WINDOWS.000\system32\drivers\MotuMidi.sys [2004-07-21 26752]
R3 MotuPar;MOTU Parallel MIDI Interface; C:\WINDOWS.000\system32\drivers\MotuPar.sys [2004-09-17 20992]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS.000\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.000\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS.000\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS.000\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS.000\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.000\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w324drvr;w324drvr; C:\WINDOWS.000\system32\drivers\w324drvr.sys [2001-11-09 141236]
R3 Wave324;Wave Driver for PCI-324; C:\WINDOWS.000\system32\drivers\Wave324.sys [2001-11-29 44760]
R3 wdm_au8820;Aureal Vortex 8820 Audio Driver (WDM); C:\WINDOWS.000\system32\drivers\adm8820.sys [2001-10-05 508032]
R3 WpdUsb;WpdUsb; C:\WINDOWS.000\System32\Drivers\wpdusb.sys [2005-01-28 18944]
R4 InCDfs;InCD File System; C:\WINDOWS.000\system32\drivers\InCDfs.sys [2006-03-23 102016]
S3 61883;61883 Unit Device; C:\WINDOWS.000\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.000\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS.000\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS.000\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 daqdrv;daqdrv; \??\C:\WINDOWS.000\system32\daqdrv.sys []
S3 DCamUSBEMPIA;Airlink101  ATVUSB01 2800; C:\WINDOWS.000\system32\DRIVERS\emDevice.sys [2004-08-11 108845]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS.000\system32\DRIVERS\emFilter.sys [2004-08-20 19328]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS.000\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS.000\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS.000\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS.000\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS.000\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS.000\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS.000\system32\DRIVERS\NtApm.sys [2001-08-17 9344]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS.000\system32\DRIVERS\emScan.sys [2004-08-11 4857]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.000\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS.000\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS.000\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS.000\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.000\system32\DRIVERS\usbohci.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.000\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS.000\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS.000\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-04 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 168432]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.000\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 6to4;Network Security; C:\WINDOWS.000\System32\svchost.exe [2008-04-13 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.000\system32\Ati2evxx.exe [2000-11-30 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.000\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.000\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.000\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS.000\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS.000\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-12-03 16:45:34

======Uninstall list======

-->"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.000\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS.000\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS.000\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\setup.exe" -l0x9
ASAPI Update-->C:\PROGRA~1\VOB\ASAPIU~1\IWUNIN~1.EXE -uninstall C:\WINDOWS.000\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI Display Driver-->rundll32 C:\WINDOWS.000\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon CanoScan Toolbox 4.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\setup.exe" -l0x9 anything
CD-Writer Plus software-->C:\Program Files\CD-Writer Plus\hpremove.exe
Conexant HCF V.90/56K Modem-->infunist.exe
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9  /remove
Creative WebCam Live! Pro User's Guide (English)-->C:\WINDOWS.000\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
Cubase VST Score-->C:\PROGRA~1\STEINB~1\CUBASE~1.0\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASE~1.0\INSTALL.LOG
EarthLink MailBox-->"C:\Program Files\EarthLink MailBox\MCUninst.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
GalleryPlayer Images-->C:\WINDOWS.000\GalleryPlayer Images Uninstaller.exe
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9  /remove
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\My Download Files\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS.000\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS.000\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS.000\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP CD-Writer Plus Toolbox-->C:\PROGRA~1\CD-WRI~1\DIAGNOSE\UNWISE.EXE /S C:\PROGRA~1\CD-WRI~1\DIAGNOSE\INSTALL.LOG
HP DeskJet 930C Series (Remove only)-->C:\Program Files\HP DeskJet 930C Series\hpfiui.exe -c -vdivid=HPF -vpnum=93 -vinstport=USB/DeskJet 930C/MY05B182MRJL -vproduct=930C -huninstall
HP Instant Delivery-->C:\PROGRA~1\HEWLET~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HEWLET~1\HPINST~1\INSTALL.LOG
InCD-->C:\WINDOWS.000\NuNInst.exe /UNINSTALL
Instant Image Voyager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77137676-87F7-410C-8DC7-000A9DD44C96}\setup.exe"
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KODAK Camera Connection Software Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{884CE4D3-71D7-494A-8206-1317201AAE04}\SETUP.EXE"
Kodak Memory Albums-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A8F1CA0-9085-11D4-B869-0050DA73F204}\Setup.exe"
KODAK Picture Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51661BCF-F22A-11D4-82B4-00500494EF5C}\setup.exe"
Manual CanoScan 4200F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS.000\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS.000\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS.000\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS.000\muninst.exe C:\WINDOWS.000\INF\KB870669.inf
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Publisher 98-->C:\Program Files\Microsoft Office\Office\Setup\Setup.exe /m
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MOTU 324-->C:\WINDOWS.000\IsUninst.exe -f"C:\Program Files\MOTU\324\Uninst.isu"
MOTU MIDI-->C:\WINDOWS.000\IsUninst.exe -f"C:\Program Files\MOTU\Uninst.isu"
NEATO MediaFACE-->C:\PROGRA~1\MEDIAF~1\UNWISE.EXE C:\PROGRA~1\MEDIAF~1\INSTALL.LOG
Nero Digital-->C:\WINDOWS.000\UNNeroVision.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS.000\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape (7.2)-->C:\WINDOWS.000\NSUninst.exe /ua "7.2 (en)"
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Professor Franklin-->C:\Program Files\Professor Franklin\Uninstal.exe
PVR-PLUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealDownload-->C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ReBirth ModPacker-->C:\PROGRA~1\PROPEL~1\MODPAC~1\UNWISE.EXE C:\PROGRA~1\PROPEL~1\MODPAC~1\INSTALL.LOG
ReBirth RB-338 2.0-->C:\PROGRA~1\PROPEL~1\REBIRT~1.0\UNWISE.EXE C:\PROGRA~1\PROPEL~1\REBIRT~1.0\INSTALL.LOG
ReBirth RB-338-->C:\PROGRA~1\REBIRT~1\UNWISE.EXE C:\PROGRA~1\REBIRT~1\INSTALL.LOG
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS.000\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Solar System Explorer-->C:\WINDOWS.000\IsUninst.exe -f"c:\program files\Uninst.isu"
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\SETUP.EXE" UNINSTALL
Steinberg Cubase VST Score-->C:\PROGRA~1\STEINB~1\CUBASE~1.0\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASE~1.0\Install.log
Steinberg Cubase VST32-->D:\PROGRA~1\STEINB~1\CUBASE~1.1\UNINST~1.EXE D:\PROGRA~1\STEINB~1\CUBASE~1.1\INSTALL.LOG
Steinberg LM·4-->C:\PROGRA~1\STEINB~1\VSTPLU~1\LM-4\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\LM-4\INSTALL.LOG
Steinberg Model·E-->C:\PROGRA~1\STEINB~1\VSTPLU~1\MODEL-E\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\MODEL-E\INSTALL.LOG
TBS Montego Drivers-->ASP4SETP.EXE 9
The Weather Channel Desktop-->C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Ulead COOL 3D 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1BE991-D723-41BE-AD16-42EAFDA794EA}\Setup.exe"
Ulead VideoStudio 5.0-->MsiExec.exe /I{27113CA3-36B8-48AB-A419-79CF1FC0ECED}
Ulead VideoStudio 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\0701\INTEL32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\SETUP.EXE" -l0x9
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS.000\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WaveLab-->"C:\Program Files\Steinberg\WaveLab\Unwise.exe" C:\PROGRA~1\STEINB~1\WAVELAB\Install.log
Weather Services-->C:\WINDOWS.000\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Windows Media Connect-->"C:\WINDOWS.000\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS.000\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS.000\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Uninstall-->%SYSTEMROOT%\system32\osuninst.exe
WinSCP 3.8.2-->"C:\Program Files\WinSCP3\unins000.exe"
WinZip-->C:\WINZIP\WINZIP32.EXE /uninstall
Yahoo! Toolbar-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
ZoneAlarm-->C:\PROGRA~1\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost
::1 localhost
91.212.127.227 winsecurepro2009.microsoft.com
91.212.127.227 winsecurepro2009.com
91.212.127.227 www.winsecurepro2009.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HAL
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 45360
Source Name: Disk
Time Written: 20091104222134.000000-480
Event Type: warning
User:

Computer Name: HAL
Event Code: 26
Message: The driver has detected that device \Device\Scsi\ultra1 has old or out-of-date firmware.
Reduced performance may result.

Record Number: 45359
Source Name: ultra
Time Written: 20091104222134.000000-480
Event Type: warning
User:

Computer Name: HAL
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 45357
Source Name: Disk
Time Written: 20091104222128.000000-480
Event Type: warning
User:

Computer Name: HAL
Event Code: 26
Message: The driver has detected that device \Device\Scsi\ultra1 has old or out-of-date firmware.
Reduced performance may result.

Record Number: 45356
Source Name: ultra
Time Written: 20091104222128.000000-480
Event Type: warning
User:

Computer Name: HAL
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 45355
Source Name: Disk
Time Written: 20091104222127.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: HAL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 2643
Source Name: .NET Runtime Optimization Service
Time Written: 20060515115845.000000-420
Event Type:
User:

Computer Name: HAL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Tasks, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 2641
Source Name: .NET Runtime Optimization Service
Time Written: 20060515115844.000000-420
Event Type:
User:

Computer Name: HAL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 2639
Source Name: .NET Runtime Optimization Service
Time Written: 20060515115837.000000-420
Event Type:
User:

Computer Name: HAL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Engine, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 2637
Source Name: .NET Runtime Optimization Service
Time Written: 20060515115837.000000-420
Event Type:
User:

Computer Name: HAL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: CustomMarshalers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 2635
Source Name: .NET Runtime Optimization Service
Time Written: 20060515115833.000000-420
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\system32;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;%SYSTEMROOT%;%SYSTEMROOT%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=C:\WINDOWS.000
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0803
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=C:\WINDOWS.000\TEMP
"TMP"=C:\WINDOWS.000\TEMP
"CLASSPATH"=.;C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"PROMPT"=$p$g
"winbootdir"=C:\WINDOWS.000
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5123
  • Half a bubble off plumb
Re: 1st time visitor trying to speed up computer
« Reply #1 on: December 03, 2009, 11:56:29 PM »
Can you please be more specific about the missing files messages ... what files are missing?

Have you run a disk defragmenter recently?  Have you dumped your temporary internet files, etc?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline dave
Re: 1st time visitor trying to speed up computer
« Reply #2 on: December 04, 2009, 12:08:06 AM »
Here's a screenshot of them.

Offline winchester73
Re: 1st time visitor trying to speed up computer
« Reply #3 on: December 04, 2009, 12:17:44 AM »
It's going to be really important that you follow directions precisely, and fully answer any questions asked.  For example, about the defragmenting ...  :)

Have you already run some spyware removers and cleaners?  If so, what?

Those three things might be orphaned entries from a previous cleanup, so the next step is dependent upon knowing what you have already done, if anything.



Offline winchester73
Re: 1st time visitor trying to speed up computer
« Reply #4 on: December 04, 2009, 12:50:29 PM »
dave ... those three files are indications of a trojan infection on your computer (the last two specifically from Antivirus Pro).  BTW, you said there were 4 messages, but there are only 3 screenshots.  The fact that the files aren't loading could indicate that something you've already done has been partially successful in eradicating these pests.  If so, we only have a few orphaned entries to sort out.  The HijackThis log tells us that your computer is trying to run them when you boot up.  However, it also tells us that the fake MS Antivirus may be present as well.

Someone will be here to get you sorted out once you post back regarding what you have done so far to clean things up yourself.



Offline dave
Re: 1st time visitor trying to speed up computer
« Reply #5 on: December 04, 2009, 08:00:37 PM »
This is great!
I haven't defragmented for a long time (years). I'll do that next chance.
I have recently run Adaware and AVG programs to rid a bug.  I have used
the computer without any firewall for years and recently started getting
viruses.
After I deleted the bad worms or whatever they were, it started showing
the above three messages.  The newer fourth one I'll post after I reboot.

Offline dave
Re: 1st time visitor trying to speed up computer
« Reply #6 on: December 04, 2009, 08:12:28 PM »
It is only the three messages I posted.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: 1st time visitor trying to speed up computer
« Reply #7 on: December 04, 2009, 10:11:31 PM »
Hi, Dave.  Welcome to LandzDown Forum.

It appears that there was either a poor upgrade or reinstall of your operating system, since you are using C:\WINDOWS.000.  For reference:  Setup Defaults to Windows.000 Folder.
Quote
I have used the computer without any firewall for years and recently started getting viruses.
With the malware today, it is no longer possible to surf the internet without at least a software firewall, preferably behind a router as well.  The following firewall programs are free for personal use.

Online Armor Free
Agnitum Outpost Firewall

Quote
After I deleted the bad worms
Unfortunately, you have not removed the trojans on your computer.  Neither AVG nor AAW are powerful enough to clean the mess I am seeing in your logs.  A lot of work is needed in order to clean your machine. We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.  

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment (JRE) 6 Update 17.  

Download Link: Java SE Runtime Environment 6u17

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.  

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you use AVG, you must also open the AVG 8 Control Center by right-clicking on the AVG 8 icon on the task bar, and do the following:
  • Click on Tools.
  • Select Advanced Settings.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.  Please also let us know if you are having problems with Google redirects.

Thank you.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dave
Re: 1st time visitor trying to speed up computer
« Reply #8 on: December 08, 2009, 10:06:39 PM »
Thank you so much.  Friday I'll be able to do everything listed.  I'll follow
the instructions and let you know...

Offline Corrine
Re: 1st time visitor trying to speed up computer
« Reply #9 on: December 08, 2009, 11:43:28 PM »
Thanks for letting us know about the delay, Dave.  We will need to see the requested logs in order to ascertain the status of the cleanup. 

Offline dave
Re: 1st time visitor trying to speed up computer
« Reply #10 on: December 11, 2009, 10:37:29 PM »
Here's the ComboFix log file.

Offline Corrine
Re: 1st time visitor trying to speed up computer
« Reply #11 on: December 11, 2009, 10:55:06 PM »
Dave, please paste the logs rather than attaching.  Thanks. 

Here's your Combofix Log:

ComboFix 09-12-11.01 - david marks 12/11/2009  15:02:58.1.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.255.100 [GMT -8:00]
Running from: c:\documents and settings\david marks\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DAVIDM~1\LOCALS~1\Temp\1.wmv
c:\docume~1\DAVIDM~1\LOCALS~1\Temp\install_flash_player.exe
c:\docume~1\DAVIDM~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\DAVIDM~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\david marks\Start Menu\Programs\Startup\scandisk.lnk
C:\Thumbs.db
c:\windows.000\AUTOLNCH.REG
c:\windows.000\msa.exe
c:\windows.000\start.exe
c:\windows.000\system32\certstore.dat
c:\windows.000\system32\clrviddc.dll
c:\windows.000\Web\default.htt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


(((((((((((((((((((((((((   Files Created from 2009-11-11 to 2009-12-11  )))))))))))))))))))))))))))))))
.

2009-12-11 22:46 . 2009-12-11 22:45   411368   ----a-w-   c:\windows.000\system32\deploytk.dll
2009-12-11 22:44 . 2009-12-11 22:44   152576   ----a-w-   c:\documents and settings\david marks\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-11 22:43 . 2009-12-11 22:43   79488   ----a-w-   c:\documents and settings\david marks\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-11 22:35 . 2009-12-11 22:35   --------   d-----w-   C:\Landzdown01
2009-12-04 00:44 . 2009-12-04 00:44   --------   d-----w-   C:\rsit
2009-12-04 00:39 . 2009-12-04 00:39   --------   d-----w-   c:\program files\ERUNT
2009-12-03 19:35 . 2009-12-03 19:35   --------   d-----w-   c:\program files\Trend Micro
2009-11-20 23:55 . 2009-11-20 23:55   --------   d-----w-   C:\FOUND.008
2009-11-20 00:36 . 2009-11-20 00:36   --------   d-----w-   c:\windows.000\system32\LogFiles
2009-11-18 00:24 . 2009-11-18 00:24   --------   d-----w-   c:\documents and settings\david marks\Local Settings\Application Data\cusqmm
2009-11-13 01:39 . 2009-11-13 01:39   --------   d-----w-   c:\windows.000\system32\XPSViewer
2009-11-13 01:39 . 2009-11-13 01:39   --------   d-----w-   c:\program files\MSBuild
2009-11-13 01:39 . 2009-11-13 01:39   --------   d-----w-   c:\program files\Reference Assemblies
2009-11-13 01:39 . 2008-07-06 12:06   89088   ----a-w-   c:\windows.000\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-13 01:38 . 2008-07-06 12:06   89088   ------w-   c:\windows.000\system32\dllcache\filterpipelineprintproc.dll
2009-11-13 01:38 . 2008-07-06 12:06   117760   ------w-   c:\windows.000\system32\prntvpt.dll
2009-11-13 01:38 . 2008-07-06 12:06   575488   ------w-   c:\windows.000\system32\xpsshhdr.dll
2009-11-13 01:38 . 2008-07-06 12:06   575488   ------w-   c:\windows.000\system32\dllcache\xpsshhdr.dll
2009-11-13 01:38 . 2008-07-06 10:50   597504   ------w-   c:\windows.000\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-13 01:38 . 2008-07-06 10:50   597504   ------w-   c:\windows.000\system32\dllcache\printfilterpipelinesvc.exe
2009-11-13 01:38 . 2008-07-06 12:06   1676288   ------w-   c:\windows.000\system32\xpssvcs.dll
2009-11-13 01:38 . 2008-07-06 12:06   1676288   ------w-   c:\windows.000\system32\dllcache\xpssvcs.dll
2009-11-13 01:38 . 2009-11-13 01:38   --------   d-----w-   C:\f8f68a9cc0a6807ddf
2009-11-13 01:07 . 2004-08-04 20:00   221184   ----a-w-   c:\windows.000\system32\wmpns.dll
2009-11-12 17:43 . 2009-11-12 17:41   3963648   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-12 17:43 . 2009-11-12 17:41   497944   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-12 12:07 . 2009-11-12 12:07   --------   d-----w-   c:\windows.000\system32\scripting
2009-11-12 12:07 . 2009-11-12 12:07   --------   d-----w-   c:\windows.000\l2schemas
2009-11-12 12:07 . 2009-11-12 12:07   --------   d-----w-   c:\windows.000\system32\en
2009-11-12 12:07 . 2009-11-12 12:07   --------   d-----w-   c:\windows.000\system32\bits
2009-11-12 11:53 . 2009-11-12 11:53   --------   d-----w-   c:\windows.000\ServicePackFiles
2009-11-12 10:31 . 2004-08-04 06:29   11871   ------w-   c:\windows.000\system32\drivers\wadv09nt.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 02:10 . 2005-02-19 00:15   171232   ----a-w-   c:\documents and settings\david marks\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-12 12:18 . 2005-02-14 23:32   86351   ----a-w-   c:\windows.000\pchealth\helpctr\OfflineCache\index.dat
2009-11-10 18:49 . 2009-11-05 07:37   360584   ----a-w-   c:\windows.000\system32\drivers\avgtdix.sys
2009-11-05 07:37 . 2009-11-05 07:37   12464   ----a-w-   c:\windows.000\system32\avgrsstx.dll
2009-11-05 07:37 . 2009-11-05 07:37   333192   ----a-w-   c:\windows.000\system32\drivers\avgldx86.sys
2009-11-05 07:37 . 2009-11-05 07:37   28424   ----a-w-   c:\windows.000\system32\drivers\avgmfx86.sys
2009-11-05 07:36 . 2009-11-05 07:36   --------   d-----w-   c:\program files\AVG
2009-11-05 07:36 . 2009-11-05 07:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2009-11-05 07:33 . 2009-11-05 07:33   93360   ----a-w-   c:\windows.000\system32\drivers\SBREDrv.sys
2009-11-05 07:28 . 2009-11-05 07:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 06:51 . 2009-11-05 06:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\53581628
2009-10-30 01:17 . 2009-10-30 01:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\01732114
2009-10-18 01:58 . 2009-10-18 01:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\ScanSoft
2007-11-28 17:05 . 2006-05-16 21:01   6144   --sha-w-   c:\program files\Thumbs.db
2006-04-17 20:47 . 2006-04-17 20:47   335   ----a-w-   c:\program files\SET.PRF
2006-04-17 20:45 . 2006-04-17 20:44   40960   ----a-w-   c:\program files\Uninst.isu
2001-11-16 23:00 . 2001-11-02 01:48   20   ----a-w-   c:\program files\log.txt
2001-01-05 19:47 . 2001-01-05 19:47   11079   ---ha-w-   c:\program files\folder.htt
2000-11-05 01:47 . 2006-04-17 20:44   577536   ----a-w-   c:\program files\sse32.exe
1998-01-19 06:18 . 2006-04-17 20:44   641024   ------r-   c:\program files\DRWSKY32.DLL
1997-12-06 07:45 . 2006-04-17 20:44   530944   ------r-   c:\program files\PLNETS32.DLL
1996-07-27 02:00 . 2006-04-17 20:44   32800   ------r-   c:\program files\PRINT32.DLL
1996-07-05 03:44 . 2006-04-17 20:44   2238   ----a-w-   c:\program files\SSE_ICON.ICO
1996-06-26 08:01 . 2006-04-17 20:44   15360   ------r-   c:\program files\VR32D.DLL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-04-14 00:12   8461312   ----a-w-   c:\windows.000\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-28 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-05 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows.000\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-24 1398272]
"PVR Agent"="c:\program files\Airlink101\PVR-PLUS\TVR\Scheduled.exe" [2004-05-10 730112]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2005-10-28 299008]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185896]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

c:\documents and settings\david marks\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-8-3 225280]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Runner.EXE [1996-10-29 39936]
PowerReg Scheduler.exe [2001-1-27 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-05 07:37   12464   ----a-w-   c:\windows.000\SYSTEM32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealJukeboxSystray"="c:\program files\REAL\REALJUKEBOX\tsystray.exe"
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"ATIGART"=c:\ati\gart\atigart.exe
"AtiPTA"=Atiptaxx.exe
"AtiCwd32"=Aticwd32.exe
"AtiQiPcl"=AtiQiPcl.exe
"HPID Scheduler"=c:\program files\Hewlett-Packard\HP Instant Delivery\hpidschd.exe
"Adaptec DirectCD"=c:\progra~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Atari Launcher"=c:\program files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
"WinPoET"=c:\program files\iVasion\WinPoET\WinPPPoverEthernet.exe
"StillImageMonitor"=c:\windows.000\SYSTEM32\STIMON.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.000\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 Asapi;Asapi;c:\windows.000\SYSTEM32\DRIVERS\asapi.sys [3/2/2005 4:48 PM 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows.000\SYSTEM32\DRIVERS\avgldx86.sys [11/4/2009 11:37 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows.000\SYSTEM32\DRIVERS\avgtdix.sys [11/4/2009 11:37 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/4/2009 11:36 PM 285392]
R3 motubus;MOTU Audio MIDI Extension;c:\windows.000\SYSTEM32\DRIVERS\motubus.sys [3/14/2005 2:16 PM 15488]
R3 MotuMidi;MOTU MIDI Device;c:\windows.000\SYSTEM32\DRIVERS\motumidi.sys [3/14/2005 2:36 PM 26752]
R3 MotuPar;MOTU Parallel MIDI Interface;c:\windows.000\SYSTEM32\DRIVERS\motupar.sys [3/14/2005 2:36 PM 20992]
R3 w324drvr;w324drvr;c:\windows.000\SYSTEM32\DRIVERS\w324drvr.sys [2/14/2005 4:55 PM 141236]
R3 Wave324;Wave Driver for PCI-324;c:\windows.000\SYSTEM32\DRIVERS\Wave324.sys [2/14/2005 4:55 PM 44760]
S3 daqdrv;daqdrv;\??\c:\windows.000\system32\daqdrv.sys --> c:\windows.000\system32\daqdrv.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows.000\SYSTEM32\DRIVERS\NtApm.sys [6/22/2005 4:02 PM 9344]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12   73216   ----a-w-   c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12   73216   ----a-w-   c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12   73216   ----a-w-   c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12   73216   ----a-w-   c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-24 00:17   7168   ----a-w-   c:\windows.000\SYSTEM32\updcrl.exe
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows.000\SYSTEM\blank.htm
mSearch Bar = hxxp://www.earthlink.net/search/
mWindow Title = Microsoft Internet Explorer provided by EarthLink Network, Inc.
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: {0357C02F-4361-42F5-BA08-4AC0AAF7B7BE} = 207.69.188.187 207.69.188.186
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows.000\SYSTEM32\NZDD.DLL
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows.000\SYSTEM32\NZDD.DLL
DPF: DirectAnimation Java Classes - file://c:\windows.000\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows.000\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows.000\Java\classes\xmldso.cab
DPF: Win32 Classes
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-puqlvkku - c:\documents and settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe
HKLM-Run-puqlvkku - c:\documents and settings\david marks\Local Settings\Application Data\cusqmm\kbkwsysguard.exe
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-Cubase VST32 - d:\progra~1\STEINB~1\CUBASE~1.1\UNINST~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 15:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.000\system32\wdfmgr.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\Runner.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows.000\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-11  15:22:03 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-11 23:22

Pre-Run: 366,411,776 bytes free
Post-Run: 11,039,571,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.000
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.000 = "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5BCC6A6775FB2E2F6762C88B8A5E67F9

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline dave

  • Newbie
  • *
  • Posts: 7
Re: 1st time visitor trying to speed up computer
« Reply #12 on: December 11, 2009, 11:00:18 PM »
...and the new Hijack This file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:07 PM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.000\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Runner.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.000\system32\wscntfy.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\SYSTEM\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS.000\SYSTEM32\NZDD.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\Airlink101\PVR-PLUS\TVR\Scheduled.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\david marks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Runner.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.000\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: Win32 Classes -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258018013640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258017904753
O17 - HKLM\System\CCS\Services\Tcpip\..\{0357C02F-4361-42F5-BA08-4AC0AAF7B7BE}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS2\Services\Tcpip\..\{0357C02F-4361-42F5-BA08-4AC0AAF7B7BE}: NameServer = 207.69.188.187 207.69.188.186
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS.000\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.000\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7685 bytes


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: 1st time visitor trying to speed up computer
« Reply #13 on: December 11, 2009, 11:43:01 PM »
Pre-Run:       366,411,776 bytes free
Post-Run: 11,039,571,968 bytes free

Yeah, I'd say your system was just a bit sluggish. However, I'm not satisfied all is well yet. Please do an on-line scan. Establish an internet connection and perform an on-line scan with Internet Explorer at Kaspersky Online Scanner.

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal. 

Note:

  • This scan is best done from IE (Internet Explorer)
  • Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

  • Read the Requirements and limitations before you click Accept.
  • Once the database has downloaded, click My Computer in the left pane
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Note: To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

=====================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=====================

Logs Required
 
Kaspersky Scan Log
Hijackthis Log