Solved Machine has slowed to near a stop!

Discussion in 'Malware and Virus Removal Archive' started by Ski52, 2009/10/23.

  1. 2009/10/26
    Ski52

    Back at it.

    OTL logfile created on: 10/26/2009 11:40:34 AM - Run 2
    OTL by OldTimer - Version 3.0.22.1 Folder = D:\
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.74% Memory free
    3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.52% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.77 Gb Total Space | 25.39 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
    Drive D: | 44.54 Gb Total Space | 25.10 Gb Free Space | 56.36% Space Free | Partition Type: NTFS
    Drive E: | 20.51 Gb Total Space | 13.63 Gb Free Space | 66.46% Space Free | Partition Type: NTFS
    Drive F: | 20.51 Gb Total Space | 10.85 Gb Free Space | 52.90% Space Free | Partition Type: NTFS
    Drive G: | 11.71 Gb Total Space | 11.65 Gb Free Space | 99.49% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SKISINTEL
    Current User Name: Ski
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - File not found -- C:\Program Files\Alwil Software\Avast4\setup\avast.set
    PRC - [2009/10/25 23:25:32 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2009/08/17 12:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/06/30 06:58:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    PRC - [2009/06/24 11:01:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    PRC - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
    PRC - [2009/03/10 22:18:14 | 00,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
    PRC - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2007/10/24 23:57:56 | 16,855,552 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
    PRC - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/10/16 16:29:22 | 00,348,824 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
    SRV - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/17 12:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
    SRV - [2009/08/17 12:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
    SRV - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2009/07/31 18:41:26 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
    SRV - [2009/06/24 11:01:26 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f4dcaae7aea4 [Auto | Stop_Pending])
    SRV - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
    SRV - [2009/06/04 10:53:02 | 00,066,048 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
    SRV - [2009/02/25 11:21:56 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2008/04/13 20:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
    SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
    SRV - [2008/03/07 16:04:10 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Stopped])
    SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
    SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Start_Pending])
    SRV - [2007/10/14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
    SRV - [2007/01/31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
    SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
    SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
    SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

    ========== Modules (SafeList) ==========

    MOD - [2009/10/25 23:25:32 | 00,521,728 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/|http://mrcs.phpbb3now.com/index.php?sid=4896f2a0295c726f403fe250e657741e|http://www.xtremepccentral.com/|http://www.windowsbbs.com/index.php|https://www.sodifferent.biz/|http://www.funfile.org/index.php|http://www.reflexive.com/ "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 29
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/29 20:57:34 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/23 07:58:07 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/15 13:47:28 | 00,000,000 | ---D | M]

    [2009/06/21 14:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Extensions
    [2009/06/21 14:05:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/10/25 21:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Firefox\Profiles\4bz8esua.default\extensions
    [2009/10/19 01:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Firefox\Profiles\4bz8esua.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2009/08/30 13:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Firefox\Profiles\4bz8esua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/27 10:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\mozilla\Firefox\Profiles\4bz8esua.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/06/21 14:05:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/09/12 20:31:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/09/12 20:31:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/09/12 20:31:53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/09/12 20:31:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2009/07/14 09:21:03 | 00,136,768 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
    [2009/07/14 09:21:27 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
    [2009/07/14 09:20:57 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
    [2009/06/04 10:53:02 | 00,031,944 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
    [2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Ranges: 1 range(s) not assigned to a zone.
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245381457687 (WUWebControl Class)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/18 22:19:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/10/14 16:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    [2009/10/25 10:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/10/16 16:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2009/10/24 22:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/10/19 14:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\Awem
    [2009/10/12 23:39:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\Games
    [2009/10/12 18:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\GARMIN
    [2009/10/16 13:59:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\GTM_Bodie
    [2009/10/25 10:34:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\Malwarebytes
    [2009/10/16 16:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\PC Tools
    [2009/10/16 11:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\Pointstone
    [2009/10/24 22:57:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\SUPERAntiSpyware.com
    [2009/10/16 20:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\Application Data\VampireSaga
    [2009/10/16 15:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2009/10/12 17:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2009/10/12 18:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\DirPrn
    [2009/10/14 16:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
    [2009/10/12 17:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
    [2009/10/12 18:00:41 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
    [2009/10/25 10:34:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/16 15:30:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2009/10/16 15:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2009/10/24 22:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/10/25 22:37:12 | 00,000,000 | --SD | C] -- C:\ComboFix
    [2009/10/25 21:05:44 | 19,515,960 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Ski\Desktop\drweb-cureit.exe
    [2009/10/25 10:34:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/10/25 10:34:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/10/24 20:48:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
    [2009/10/24 20:46:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2009/10/23 16:54:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ski\My Documents\Dziubinski 2202 Macedo_dbfiles
    [2009/10/22 23:17:22 | 00,000,000 | ---D | C] -- C:\Tools
    [2009/10/21 19:50:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Ski\My Documents\My Music
    [2009/10/21 19:46:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Ski\My Documents\My Pictures
    [2009/10/16 16:29:21 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2009/10/16 16:04:56 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2009/10/16 16:04:56 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2009/10/16 16:04:49 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2009/10/14 14:27:40 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Ski\My Documents\My Data Sources
    [2009/10/12 17:54:07 | 00,000,000 | ---D | C] -- C:\Garmin

    ========== Files - Modified Within 14 Days ==========

    [2009/10/26 11:44:10 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/10/26 11:44:10 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/10/26 11:44:10 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/10/26 11:41:43 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/10/26 11:39:49 | 00,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2009/10/26 11:38:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/26 11:38:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/10/26 11:37:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/26 11:03:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/26 00:50:39 | 03,248,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/10/26 00:50:39 | 00,043,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/10/26 00:49:59 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2009/10/25 21:05:08 | 19,515,960 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Ski\Desktop\drweb-cureit.exe
    [2009/10/25 10:34:24 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/24 22:57:15 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/24 22:36:57 | 00,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/10/24 20:48:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2009/10/24 18:13:19 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Ski\Desktop\dds.scr
    [2009/10/23 18:46:32 | 02,661,340 | -H-- | M] () -- C:\Documents and Settings\Ski\Local Settings\Application Data\IconCache.db
    [2009/10/23 18:38:08 | 00,001,116 | RH-- | M] () -- C:\WINDOWS\EPMBatch.ept
    [2009/10/23 16:56:31 | 00,006,630 | ---- | M] () -- C:\Documents and Settings\Ski\My Documents\Dziubinski 2202 Macedo.fshi
    [2009/10/23 16:53:41 | 00,012,149 | ---- | M] () -- C:\Documents and Settings\Ski\My Documents\Sample Inventory.fshi
    [2009/10/23 11:37:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2009/10/21 18:39:48 | 00,000,537 | ---- | M] () -- C:\WINDOWS\win.ini
    [2009/10/21 18:39:48 | 00,000,211 | ---- | M] () -- C:\Boot.bak
    [2009/10/17 16:17:21 | 00,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
    [2009/10/16 16:29:21 | 00,159,600 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2009/10/15 21:35:52 | 00,000,507 | ---- | M] () -- C:\WINDOWS\WPB95.INI

    ========== Files - No Company Name ==========
    [2009/10/25 22:41:44 | 03,248,160 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/10/25 22:41:44 | 00,043,316 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/10/25 10:34:24 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/24 22:57:15 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/24 20:48:29 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2009/10/24 20:48:25 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2009/10/24 18:13:43 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Ski\Desktop\dds.scr
    [2009/10/23 18:31:30 | 00,001,116 | RH-- | C] () -- C:\WINDOWS\EPMBatch.ept
    [2009/10/23 16:54:22 | 00,006,630 | ---- | C] () -- C:\Documents and Settings\Ski\My Documents\Dziubinski 2202 Macedo.fshi
    [2009/10/16 16:04:56 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2009/08/26 11:23:57 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Ski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/14 11:48:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\acroread.ini
    [2009/08/12 16:18:41 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2009/08/12 16:18:41 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2009/08/12 16:18:40 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2009/08/12 16:18:40 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009/08/06 17:46:08 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2009/08/06 17:46:08 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2009/08/06 17:46:08 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2009/08/05 23:48:14 | 00,000,001 | ---- | C] () -- C:\WINDOWS\sslzdlt.dll
    [2009/08/05 23:48:12 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/08/05 21:05:54 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2009/07/26 18:28:04 | 02,661,340 | -H-- | C] () -- C:\Documents and Settings\Ski\Local Settings\Application Data\IconCache.db
    [2009/06/22 16:04:31 | 00,001,324 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
    [2009/06/22 16:04:22 | 00,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
    [2009/06/22 16:04:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2009/06/22 14:46:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2009/06/19 13:44:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/06/19 13:12:47 | 00,000,507 | ---- | C] () -- C:\WINDOWS\WPB95.INI
    [2009/06/19 10:18:13 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
    [2009/06/19 10:09:41 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/06/19 10:03:18 | 00,002,228 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/06/18 23:04:08 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Ski\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/06/18 22:56:54 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
    [2009/06/18 22:56:54 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
    [2009/06/18 22:56:52 | 00,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [2009/06/18 22:56:52 | 00,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [2009/06/18 22:42:18 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2009/06/18 22:42:17 | 00,010,287 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/06/18 22:42:11 | 00,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009/06/18 22:36:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ski\Application Data\desktop.ini
    [2009/06/18 18:08:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
    [2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2004/08/04 08:00:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
    [2004/08/04 08:00:00 | 00,000,537 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/08/04 08:00:00 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini

    ========== LOP Check ==========

    [2009/10/25 10:34:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/10/07 23:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
    [2009/07/31 19:47:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
    [2009/08/27 11:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2009/10/14 16:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    [2009/07/31 21:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2009/10/10 14:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2009/07/10 11:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
    [2009/08/26 14:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2009/06/23 07:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2009/06/30 14:50:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2009/09/30 16:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2009/07/12 13:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/10/03 21:55:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
    [2009/09/25 13:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/08/30 17:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
    [2009/08/15 20:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive
    [2009/08/31 16:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2009/08/10 11:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/09/18 19:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2009/08/19 16:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2009/10/21 18:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/10 16:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    [2009/10/25 10:34:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ski\Application Data
    [2009/09/28 16:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Acronis
    [2009/08/31 16:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Ahead
    [2009/07/24 00:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Aisle 5 Games, Inc
    [2009/06/19 09:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Alawar
    [2009/10/11 10:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\AMPSoft
    [2009/10/19 14:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Awem
    [2009/08/27 11:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\blg
    [2009/10/11 09:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Blitware
    [2009/08/08 11:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\cerasus.media
    [2009/10/11 09:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\dvdcss
    [2009/10/08 20:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Frostbow
    [2009/09/19 14:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\funkitron
    [2009/08/02 10:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\GameInvest
    [2009/07/10 11:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Gamers Digital
    [2009/10/12 23:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Games
    [2009/10/12 18:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\GARMIN
    [2009/08/29 14:23:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Gold Casual Games
    [2009/10/16 13:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\GTM_Bodie
    [2009/10/05 13:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\HdO Adventure
    [2009/07/05 23:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\IronCode
    [2009/09/15 13:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\iWin
    [2009/06/22 15:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\KWorld Multimedia
    [2009/08/21 11:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\MA
    [2009/06/25 18:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\MagicBall4
    [2009/10/26 05:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\MailWasher
    [2009/09/30 16:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Merscom
    [2009/10/08 20:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Movie Label
    [2009/07/02 16:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Opera
    [2009/09/25 13:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\PlayFirst
    [2009/10/16 11:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Pointstone
    [2009/07/17 21:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\PopCapv1005eni
    [2009/08/05 21:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Publish Providers
    [2009/08/17 15:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Reflexivev1001
    [2009/10/21 19:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\RobinsonCrusoeREF
    [2009/08/03 23:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\she_is_a_shadow
    [2009/08/12 16:18:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Simply Super Software
    [2009/09/18 19:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Sony
    [2009/08/05 20:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Sony Setup
    [2009/10/08 00:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Total Eclipse
    [2009/06/21 14:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Twintale Entertainment
    [2009/06/19 15:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\URSE Games
    [2009/10/23 20:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\uTorrent
    [2009/10/16 20:28:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\VampireSaga
    [2009/09/08 14:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\Windows Home Server
    [2009/07/31 22:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\YoudaGames
    [2009/10/10 16:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ski\Application Data\ZoomBrowser EX
    [2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/10/26 11:38:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/26 11:03:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/26 11:38:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5345C8F6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81523426
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
    < End of report >
     
  2. 2009/10/26
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Oops - double post. It only made 1 report this time, no Extra.
     


  4. 2009/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How are the issues?
    Please, post fresh HJT log.
     
  5. 2009/10/26
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Machine seems pretty much the same. Tried to stay away from it today, but this is my main source for looking for work. Been laid off since April - guess I'm being forced into retirement - Can get Social Security in December.... Who knows???

    Sometimes it's lightning quick, don't even get your finger off the mouse button and boom - other times... bring a lunch! Gonna do a LOT of housecleaning when this issue is cleared up - Adobe for 1.....

    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:35 PM, on 10/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245381457687
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1E2F992-2041-4A33-9CFD-C3AD2A6EAE1D}: NameServer = 192.168.2.1,192.168.2.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c9f4dcaae7aea4) (gupdate1c9f4dcaae7aea4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 6004 bytes
     
  6. 2009/10/26
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Just noticed HJT reports on IE, I'm using FireFox.
     
  7. 2009/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's normal. IE is still there :(

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove.

    ==================================================================

    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Restart computer.

    ================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    - O15 - ESC Trusted IP range: http://192.168.2.1 (if you added http://192.168.2.1 to IE Trusted Zone, DO NOT checkmark this entry)


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
  8. 2009/10/26
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Did as you requested. I deleted those R0 files once yesterday......

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:20 PM, on 10/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245381457687
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1E2F992-2041-4A33-9CFD-C3AD2A6EAE1D}: NameServer = 192.168.2.1,192.168.2.1
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1c9f4dcaae7aea4) (gupdate1c9f4dcaae7aea4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 6235 bytes
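
Added example, not part of the original thread: a small Python check that compares a HijackThis log taken before "Fix checked" with the one taken after, confirming that the requested entries are gone and listing anything new. The log excerpts are copied from the two logs posted above; the function names are illustrative.

```python
import re
from collections import Counter

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
# Section codes start with R, F, N or O followed by a number.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)?\s*$")


def parse_hjt(text):
    """Return a Counter of (section, detail) entries found in a HijackThis log.

    Header lines and the "Running processes" list do not match the entry
    pattern and are ignored. A Counter keeps duplicate entries distinct.
    """
    entries = Counter()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), (m.group(2) or "").strip())] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def still_present(requested_lines, after_text):
    """Return the requested entries that survive in the post-fix log."""
    remaining = parse_hjt(after_text)
    wanted = parse_hjt("\n".join(requested_lines))
    return sorted(e for e in wanted if e in remaining)


# Excerpt of the first log in the thread (before the fix).
BEFORE = r'''
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - ESC Trusted IP range: http://192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
'''

# Excerpt of the second log in the thread (after the fix and restart).
AFTER = r'''
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
'''

# The entries the helper asked to have checkmarked and fixed.
REQUESTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O15 - ESC Trusted IP range: http://192.168.2.1",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for section, detail in removed:
        print(f"  {section} - {detail}")
    print("New since first log (review each one):")
    for section, detail in added:
        print(f"  {section} - {detail}")
    leftovers = still_present(REQUESTED, AFTER)
    print("Requested fixes still present:", leftovers or "none")
```

New entries are not necessarily a problem; here they correspond to the Java install requested in the same post and to ctfmon.exe, but each one should be accounted for before the machine is called clean.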
     
  9. 2009/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please, let me know, how is your computer doing.
     
  10. 2009/10/26
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Let ya know in the AM - off to la-la land. Us 'older' folk need our beauty rest! :D
     
  11. 2009/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  12. 2009/10/27
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Hate to say it, but after all this, it is almost slower at times. Shut them all off last nite, which I normally don't do. Took 17 minutes to get to a viable desktop on the main machine. Started with 5 Systray icons, dropped to 1. When all the icons are present, the machine is fast, when they are not, it's slow. I'm gonna try doing a bunch of housecleaning, and if all else fails, finally a format of partition C and a new install.
    Thanx for all your help so far. I'll let you know the outcome.
     
  13. 2009/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your machine is definitely malware free, so I'll mark this thread as resolved (malware-wise), and I suggest you repost your issue under the Windows section.
    You'll have to look for some other reasons. Hardware, maybe?
     
  14. 2009/10/27
    Ski52

    Ski52 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    176
    Likes Received:
    1
    Hardware - good choice...... Am gonna do an fDisk & format and start over.... Current install is only 3-4 weeks old - new drive....... I can always recreate the important lost stuff....
    Thanx for all your help Broni - will check out your site..... (if you don't mind)


    Ski
     
  15. 2009/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome to do so :)
    I'd test hard drive and RAM, before you go through reinstall process.
     
