Solved wuauclt.exe is BUGGING my computer!

Discussion in 'Malware and Virus Removal Archive' started by scgoh123, 2010/08/15.

  1. 2010/08/22
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    No luck means that I've reset the time before in BIOS, but after reboot, the time remains the same.
    Example: I reset the time from 00:00 16 March 2010 to 21:22 21 August 2010, then after reboot the next day, it still remains as 21:23 21 August 2010........
     
  2. 2010/08/22
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    File C:\WINDOWS\System32\hidserv.dll not found.
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    File C:\WINDOWS\System32\appmgmts.dll not found.
    Service AntiVirUpgradeService stopped successfully!
    Service AntiVirUpgradeService deleted successfully!
    File C:\DOCUME~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DrvIcon deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ViStart deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Default User

    User: All Users

    User: NetworkService

    User: LocalService

    User: Owner

    User: Admin
    ->Flash cache emptied: 20090 bytes

    User: Guest

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 18256761 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes

    User: Owner
    ->Temp folder emptied: 18256761 bytes

    User: Admin
    ->Temp folder emptied: 5710650 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 27397874 bytes
    ->Google Chrome cache emptied: 257048010 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 18257491 bytes
    ->FireFox cache emptied: 7588963 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39097 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23285 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 96370717 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 8938358 bytes
    RecycleBin emptied: 7487811 bytes

    Total Files Cleaned = 444.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.10.0 log created on 08132010_192715

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

    Registry entries deleted on Reboot...
     

  4. 2010/08/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    When was the last time you changed the motherboard battery? If it has been a while, it may be worth replacing, then resetting the clock in BIOS again.
    Are you saving the setting in BIOS when you exit? (Stupid question, I know, but I have to ask.)
     
  5. 2010/08/22
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Well, I am trying to buy a CMOS battery, but since I am staying in Malaysia, there is NO PLACE where I can purchase a CMOS battery. And I am also scared to open the casing.......

    Of course! When I want to exit, for sure they asked me whether I save the changes or not.......
     
  7. 2010/08/22
    crunchie

    crunchie Inactive

    No worries :). Is this a laptop? I may have missed if you had already mentioned it.

    How are things at the moment?

    Let's do an online scan to see if anything shows up.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  8. 2010/08/22
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    wuauclt.exe is still running wildly, and it makes the system unstable. My dad starts grumbling because of the slow computer. And the HDD has only 2 GB free space left....... What should I uninstall to make my computer run great?
     
    Last edited: 2010/08/22
  9. 2010/08/22
    crunchie

    crunchie Inactive

    Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
    Reboot when done and see how things are now.

    ============

    Set Windows Autoupdates to manual in Control Panel and see how it is.

    Please do the scan.
     
  10. 2010/09/04
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    When I attempt to run the scan, the computer shuts down and continuously restarts after that. I have no choice but to run in safe mode, but ALL THE SCANNERS won't allow me to run a scan in safe mode..........

    I've checked Event viewer, the STOP code is this:
    1. 0x00000023 ( 0x000e100, 0xf5eb09c4, 0xf5eb06c0, 0xf943fb0f)
    2. 0x1000000a ( 0x00000004, 0x00000002, 0x00000000, 0x804e662f)

    Should I run System Restore or something else to stop my computer from getting BSOD???

    p/s: I am using safe mode to type this message
     
  11. 2010/09/04
    crunchie

    crunchie Inactive

    Try this in safe mode:

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  12. 2010/09/05
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Hmm....... I am testing the PC for running in half an hour; before that, can I run ComboFix without safe mode????
     
  13. 2010/09/05
    crunchie

    crunchie Inactive

    Sure can.
     
  14. 2010/09/05
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    ComboFix 10-09-04.06 - Admin 08/25/2010 17:32:55.1.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.99 [GMT 9:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
    .

    2010-08-25 00:45 . 2010-08-25 00:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d-----w- c:\program files\System Search Dispatcher
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d-----w- c:\program files\DoubleD
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-25 00:21 . 2010-08-25 00:21 -------- d-----w- C:\FOUND.003
    2010-08-25 00:05 . 2010-08-25 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-24 23:58 . 2010-08-24 23:58 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2010-08-24 23:54 . 2010-08-24 23:54 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-08-24 23:53 . 2010-08-24 23:53 -------- d-s---w- c:\documents and settings\Administrator
    2010-08-24 23:53 . 2010-08-24 23:53 -------- d-----w- C:\FOUND.002
    2010-08-23 06:10 . 2010-08-23 06:10 -------- d-----w- C:\FOUND.001
    2010-08-22 15:41 . 2010-08-22 15:41 -------- d-----w- c:\windows\system32\CatRoot2
    2010-08-13 10:27 . 2010-08-13 10:27 -------- d-----w- C:\_OTL
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2010-08-11 18:07 . 2010-08-11 18:07 -------- d-----w- c:\program files\PaintTool SAI English Pack
    2010-08-11 13:53 . 2010-08-11 13:53 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\msvcp71.dll
    2010-08-11 13:53 . 2010-08-11 13:53 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\jmc.dll
    2010-08-11 13:53 . 2010-08-11 13:53 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\msvcr71.dll
    2010-08-11 13:53 . 2010-08-11 13:53 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3550f163-n\decora-d3d.dll
    2010-08-11 13:53 . 2010-08-11 13:53 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3550f163-n\decora-sse.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-12 11:53 . 2010-05-08 23:04 43 ----a-w- c:\windows\popcinfot.dat
    2010-08-12 06:05 . 2010-05-11 07:57 56 ---h--w- c:\windows\popcreg.dat
    2010-06-01 19:55 . 2010-05-08 18:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-01 19:55 . 2010-05-08 18:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-01 19:55 . 2010-05-08 18:23 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    .

    ------- Sigcheck -------

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

    [-] 2010-05-06 . 0AAE990A2F09D62D3596A7C7AB708C87 . 6160384 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
    [7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
    [7] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    [7] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
    [7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
    [7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
    [7] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
    [7] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
    [7] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
    [7] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
    [7] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
    [-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\mshtml.dll
    [-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\mshtml.dll
    [7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    [7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\mshtml.dll
    [7] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie8\mshtml.dll
    [7] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\mshtml.dll
    [7] 2008-12-12 . C8169B4320AC0CB8D1ED20454322E839 . 3060224 . . [6.00.2900.3492] . . c:\windows\ie7\mshtml.dll
    [7] 2008-12-12 . 6D1D493622EA050DBAABD0C4C1DFADB5 . 3067392 . . [6.00.2900.3492] . . c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
    [7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
    [7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
    [7] 2008-10-16 . C99D8B48FC245D98E1A2BAB6594458C9 . 3067392 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
    [7] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
    [7] 2008-10-15 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
    [7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    [7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\mshtml.dll
    [7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    [7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\mshtml.dll
    [7] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    [7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

    [-] 2010-02-17 . A65F4ADCE520CEE214B1AD3604C724F9 . 2187904 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
    [7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
    [7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    [7] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [7] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
    [7] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

    [-] 2008-04-13 . FE9BE8E13D786CBBFCDCBE2780188902 . 1432064 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [7] 2008-04-13 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

    [-] 2010-02-16 . DEA0B1B4525B2748B5DFCB58CDAC0045 . 2064768 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
    [7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    [7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
    [7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    [7] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [7] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
    [7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IMEKRMIG6.1 "= "c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
    "MSPY2002 "= "c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "LXSUPMON "= "c:\windows\system32\LXSUPMON.EXE" [2002-01-27 885760]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-06 202256]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    2010-04-23 20:10 1668920 ----a-w- c:\program files\CCleaner\ccleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-06-28 10:28 135664 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 02:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 12:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 07:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-12-18 13:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

    R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [12/9/2003 10:04 AM 10368]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/18/2010 2:15 AM 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2010 2:15 AM 19024]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
    R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
    R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
    R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
    S2 AntiVirUpgradeService;Avira Upgrade Service; "c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe" /TEMPSTART:" "c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe [?]
    S2 gupdate1c9611b8690831e;Google Update Service (gupdate1c9611b8690831e);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2008 10:18 PM 133104]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 13:09]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-18 13:18]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-18 13:18]

    2010-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 13:09]

    2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733290971-2304659736-1445258045-1005Core1cac607a42666b2.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 10:28]

    2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{0C04208A-E418-4CAA-BEA6-03AA7A6DE064}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 19:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.my/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Download all by FlashGet3 - c:\documents and settings\Admin\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\Admin\Application Data\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
    .
    .
    ------- File Associations -------
    .
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-ViStart - c:\progra~1\VISTART\VISTART.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
    AddRemove-Bookworm - f:\bookworm\Uninstall.exe
    AddRemove-BookWorm Deluxe 1.03 - f:\bookworm deluxe\PopUninstall.exe
    AddRemove-FlashGet 3.5 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
    AddRemove-RaidenII - f:\raiden\Loader.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-25 17:42
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1733290971-2304659736-1445258045-1005\Software\SecuROM\License information*]
    "datasecu "=hex:53,24,92,de,b7,e3,f7,23,29,b4,88,4b,49,ac,7b,72,77,ab,60,2d,8c,
    09,af,a7,ea,2c,d6,c3,db,9f,71,f4,fd,9c,22,7b,98,69,f3,aa,5a,3c,78,ed,e7,59,\
    "rkeysecu "=hex:6e,84,9c,37,f3,8a,12,82,48,28,a4,cb,af,66,c8,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(480)
    c:\windows\system32\cscui.dll
    .
    Completion time: 2010-08-25 17:44:35
    ComboFix-quarantined-files.txt 2010-08-25 08:44

    Pre-Run: 2,552,823,808 bytes free
    Post-Run: 2,500,968,448 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    C:\= "Previous Operating System on C: "

    - - End Of File - - B0903208F08299991146B62B8552FDB1
     
  15. 2010/09/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    FCopy::
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
    c:\windows\system32\dllcache\mshtml.dll | c:\windows\system32\mshtml.dll
    c:\windows\system32\dllcache\mshtml.dll | c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\mshtml.dll
    c:\windows\system32\dllcache\ntoskrnl.exe | c:\windows\system32\ntoskrnl.exe
    c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
    c:\windows\Driver Cache\i386\ntkrnlpa.exe | c:\windows\system32\ntkrnlpa.exe
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    =========

    Let me know how things are now.
     
  16. 2010/09/06
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Joined:
    2009/09/04
    Messages:
    352
    Likes Received:
    2
    My computer is still running very slow. I think it is insufficient RAM and only a little space left on the HDD... but my niece's computer also has 256MB of RAM, and her computer runs great... I don't know why.


    ComboFix 10-09-04.06 - Admin 08/25/2010 20:27:58.2.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.111 [GMT 9:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
    c:\windows\system32\dllcache\mshtml.dll --> c:\windows\system32\mshtml.dll
    c:\windows\system32\dllcache\mshtml.dll --> c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\mshtml.dll
    c:\windows\system32\dllcache\ntoskrnl.exe --> c:\windows\system32\ntoskrnl.exe
    c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
    c:\windows\Driver Cache\i386\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
    .

    2010-08-25 00:45 . 2010-08-25 00:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d-----w- c:\program files\System Search Dispatcher
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d-----w- c:\program files\DoubleD
    2010-08-25 00:42 . 2010-08-25 00:42 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-25 00:05 . 2010-08-25 00:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-24 23:58 . 2010-08-24 23:58 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
    2010-08-24 23:54 . 2010-08-24 23:54 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-08-24 23:53 . 2010-08-24 23:53 -------- d-s---w- c:\documents and settings\Administrator
    2010-08-22 15:41 . 2010-08-22 15:41 -------- d-----w- c:\windows\system32\CatRoot2
    2010-08-13 10:27 . 2010-08-13 10:27 -------- d-----w- C:\_OTL
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-13 02:38 . 2010-08-13 02:38 -------- d-----w- C:\Malwarebytes' Anti-Malware
    2010-08-11 18:07 . 2010-08-11 18:07 -------- d-----w- c:\program files\PaintTool SAI English Pack
    2010-08-11 13:53 . 2010-08-11 13:53 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\msvcp71.dll
    2010-08-11 13:53 . 2010-08-11 13:53 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\jmc.dll
    2010-08-11 13:53 . 2010-08-11 13:53 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-40b0805c-n\msvcr71.dll
    2010-08-11 13:53 . 2010-08-11 13:53 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3550f163-n\decora-d3d.dll
    2010-08-11 13:53 . 2010-08-11 13:53 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3550f163-n\decora-sse.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-12 11:53 . 2010-05-08 23:04 43 ----a-w- c:\windows\popcinfot.dat
    2010-08-12 06:05 . 2010-05-11 07:57 56 ---h--w- c:\windows\popcreg.dat
    2010-06-01 19:55 . 2010-05-08 18:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-01 19:55 . 2010-05-08 18:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-01 19:55 . 2010-05-08 18:23 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-25_08.41.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-25 11:09 . 2010-08-25 11:09 16384 c:\windows\Temp\Perflib_Perfdata_61c.dat
    - 2010-08-25 01:37 . 2010-08-25 01:37 4480 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2010-08-25 10:58 . 2010-08-25 10:58 4480 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
    + 1979-12-31 15:00 . 2008-06-20 10:51 361600 c:\windows\system32\dllcache\tcpip.sys
    - 2008-06-20 10:51 . 2008-06-20 10:51 361600 c:\windows\system32\dllcache\tcpip.sys
    - 2008-12-20 05:12 . 2010-02-17 00:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
    + 1979-12-31 15:00 . 2010-02-17 00:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2001-08-17 04:48 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-12-20 05:12 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 1979-12-31 15:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
    - 2008-12-20 05:16 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
    + 1979-12-31 15:00 . 2008-04-13 23:12 1033728 c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IMEKRMIG6.1 "= "c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
    "MSPY2002 "= "c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "LXSUPMON "= "c:\windows\system32\LXSUPMON.EXE" [2002-01-27 885760]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-06 202256]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
    backup=c:\windows\pss\Orbit.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    2010-04-23 20:10 1668920 ----a-w- c:\program files\CCleaner\ccleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-06-28 10:28 135664 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 02:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 12:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2009-07-26 07:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-12-18 13:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=

    R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [12/9/2003 10:04 AM 10368]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/18/2010 2:15 AM 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2010 2:15 AM 19024]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [9/26/2009 7:35 AM 819600]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/23/2009 3:04 PM 447832]
    R3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\SftFSXP.sys [9/23/2009 3:04 PM 543064]
    R3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplayxp.sys [9/23/2009 3:04 PM 190312]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [9/23/2009 3:05 PM 21864]
    R3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\SftVolXP.sys [9/23/2009 3:04 PM 14680]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/23/2009 3:04 PM 203608]
    S2 AntiVirUpgradeService;Avira Upgrade Service; "c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe" /TEMPSTART:" "c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\Admin\LOCALS~1\Temp\AVSETUP_49531f86\basic\avupgsvc.exe [?]
    S2 gupdate1c9611b8690831e;Google Update Service (gupdate1c9611b8690831e);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2008 10:18 PM 133104]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 13:09]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-18 13:18]

    2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-18 13:18]

    2010-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1733290971-2304659736-1445258045-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 13:09]

    2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733290971-2304659736-1445258045-1005Core1cac607a42666b2.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 10:28]

    2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{0C04208A-E418-4CAA-BEA6-03AA7A6DE064}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 19:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.my/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: Download all by FlashGet3 - c:\documents and settings\Admin\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\Admin\Application Data\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} - hxxp://202.71.97.47/ibrowser/cibrowser_1_1_1_130.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-25 20:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1733290971-2304659736-1445258045-1005\Software\SecuROM\License information*]
    "datasecu "=hex:53,24,92,de,b7,e3,f7,23,29,b4,88,4b,49,ac,7b,72,77,ab,60,2d,8c,
    09,af,a7,ea,2c,d6,c3,db,9f,71,f4,fd,9c,22,7b,98,69,f3,aa,5a,3c,78,ed,e7,59,\
    "rkeysecu "=hex:6e,84,9c,37,f3,8a,12,82,48,28,a4,cb,af,66,c8,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(488)
    c:\windows\system32\cscui.dll

    - - - - - - - > 'explorer.exe'(3476)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-08-25 20:40:26
    ComboFix-quarantined-files.txt 2010-08-25 11:40
    ComboFix2.txt 2010-08-25 08:44

    Pre-Run: 2,635,186,176 bytes free
    Post-Run: 2,553,413,632 bytes free

    - - End Of File - - D32CD278C59CDEC372A79A0CA72D21C1
     
  17. 2010/09/06
    crunchie

    crunchie Inactive

    256Mb of RAM is really not enough for your system. Just because one PC runs ok with that little, does not mean that every PC will be ok with the same amount.
    Has this PC been de-fragmented lately?
     
  18. 2010/09/06
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    Hmm... no, because when I attempt to defragment, it pops up a lot of error messages.
     
  19. 2010/09/06
    crunchie

    crunchie Inactive

  20. 2010/09/06
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    When I attempt to run Windows defragmenter, it stops at 10% and says that my HDD is corrupted and needs to perform a chkdsk action. Then I run chkdsk, but it shows nothing...
     
  21. 2010/09/06
    scgoh123

    scgoh123 Well-Known Member Thread Starter

    I know that I've installed too much rubbish software. Which one should I uninstall?


    ÓÎ÷Öùú°Ã™±¦Ãä
    ´Ã³¸»ÃŽÃŒ(Rich) V4
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Artweaver 1.0
    Askey HSFi V.90(V.92) 56K PCI Modem
    Aspire Screen Saver
    avast! Free Antivirus
    BitTorrent
    Bookworm Deluxe 1.13
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    DNA
    Elemental: War of Magic v1.07
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HyperCam 2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    Lexmark Skin: Helix
    Lexmark Supplies Monitor
    Lexmark Z25-Z35
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010 (Beta)
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    NVIDIA Drivers
    OGA Notifier 1.7.0105.35.0
    Oxford Advanced Learner's Dictionary - 8th Edition
    Pando Media Booster
    PvP-RO Client
    QUICKfind server v1.1
    Ragnarok Sakray
    RealPlayer
    RealUpgrade 1.0
    Science Form 2 MyCD Volume 1
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb983486)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    V3750 Digital Camera Driver
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Yahoo! BrowserPlus
    Yahoo! Messenger
    Yahoo! Software Update
     
