computer a little slow and quirky


computer a little slow and quirky

Post by njrh on 1st December 2009, 4:22 pm

My computer is a little slow and quirky - lots of Vista error messages, e.g. start-up programs blocked, host processes closed, etc. It shuts itself off if left for a long time and also won't power up in the morning when I move the mouse if left idle. It takes a long time to shut down and start up. I have run Malwarebytes and it was clean.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:52, on 01/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logicool\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -restart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logicool SetPoint.lnk = C:\Program Files\Logicool\SetPoint\SetPoint.exe
O4 - Global Startup: VideoCam Suite 2.0.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logicool, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12211 bytes

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0


Re: computer a little slow and quirky

Post by Dr Jay on 1st December 2009, 10:35 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10


Re: computer a little slow and quirky

Post by njrh on 2nd December 2009, 2:15 pm

Hi.
I ran the ESET scanner just as you requested, but it did not save a log where you said.
However, before I closed the window I noticed that there were 2 threats identified and removed:
"multiple threats" in the Outlook Express backup
and a worm of some description (W32?), but I don't know where.

Do you want me to run it again? It took about 4 hrs, and if so, how do I save the log this time?

Hopefully this has helped you.
Thanks


Re: computer a little slow and quirky

Post by Dr Jay on 2nd December 2009, 8:26 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)




Re: computer a little slow and quirky

Post by njrh on 3rd December 2009, 10:52 am

Hi. Updated and ran the Malwarebytes full scan as you suggested, but again it came up clean.

Here is the log - any other suggestions?


Malwarebytes' Anti-Malware 1.41
Database version: 3284
Windows 6.0.6002 Service Pack 2

03/12/2009 10:46:05
mbam-log-2009-12-03 (10-46-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213365
Time elapsed: 1 hour(s), 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: computer a little slow and quirky

Post by Dr Jay on 3rd December 2009, 10:22 pm

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):


  • ParetoLogic DriverCure


Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -restart
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

Then, please exit all programs except for HijackThis (System Tray (bottom right of screen): right-click on each program icon and click an Exit or shut down option, etc.), then click Fix Checked.

After it completes its process, please close HijackThis and reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Windows\BisonCam
C:\Program Files\ParetoLogic

Please reboot your computer again, and post a new HijackThis log here in your next reply.

==

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    KHALMNPR.EXE

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt. Post that along with the new HijackThis log.


Dr. Jay (DJ)



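The entries the helper picked out of the HijackThis log above share a few visible traits: a registration whose target file is gone ("(no file)", "(file missing)"), a Run value whose name is unreadable, and a Run value that names a bare executable with no directory. The script below is an added example for this thread, not part of HijackThis or of any post here; it parses HijackThis v2 log lines into entries and applies exactly those three triage rules. The sample log is constructed in the shape of the log posted above. A flag means "worth a second look", not "malicious": a legitimate vendor entry such as RtHDVCpl.exe in the log above would trip the bare-filename rule as well.

```python
"""Parse HijackThis v2 log lines and flag entries worth a second look.

Added example for this thread; not part of HijackThis or of any post above.
Rules: target file missing, unreadable (mis-encoded) value name, and Run
values naming a bare executable, which Windows then locates by PATH search
rather than loading a known file.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log posted in this thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\\..\\Run: [?????????] ??????????????e
O4 - HKCU\\..\\Run: [DriverCure] C:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe -restart
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe" /runcleanupscript
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwssvc.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\\Program Files\\AVG\\AVG9\\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# "HKLM\..\Run: [value name] command line"  (also HKUS\S-1-5-19\..\Run:)
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token of a command line: a quoted path, or an unquoted one up to a known extension.
PROG_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)', re.IGNORECASE)
MISSING = ("(no file)", "(file missing)")


@dataclass
class Entry:
    kind: str                      # section code: O4, O2, O23, ...
    name: str                      # Run value name / BHO name / service name
    target: str                    # program or DLL the entry points at
    raw: str
    flags: list = field(default_factory=list)


def program_of(cmd):
    """Executable named by a Run value's command line, without its arguments."""
    m = PROG_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split(" ", 1)[0]          # unrecognised shape: fall back to first token


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(kind, r.group("name"), program_of(r.group("cmd")), line)
        if " = " in body:                # "Global Startup: foo.lnk = C:\...\foo.exe"
            name, target = body.split(" = ", 1)
            return Entry(kind, name.split(": ", 1)[-1], target, line)
    # O2/O3/O9/O23 etc.: "Label: name - {CLSID or owner} - target"
    parts = body.split(" - ")
    name = parts[0].split(": ", 1)[-1]
    target = parts[-1] if len(parts) > 1 else ""
    return Entry(kind, name, target, line)


def triage(entry):
    """Attach human-readable reasons for a second look; returns the list of flags."""
    if entry.target.endswith(MISSING):
        entry.flags.append("target file missing: orphaned registration")
    if entry.name and (not entry.name.isascii() or set(entry.name) <= set("? ")):
        entry.flags.append("unreadable value name")
    if entry.kind == "O4" and entry.target and "\\" not in entry.target \
            and not entry.target.startswith("%"):
        entry.flags.append("bare filename: located by PATH search, not a known path")
    return entry.flags


def suspicious_entries(log_text):
    """Entries from a HijackThis log that tripped at least one triage rule."""
    found = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and triage(e):
            found.append(e)
    return found


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name!r:<45} -> {e.target}")
        for f in e.flags:
            print(f"       * {f}")
```

Run it as a script, or call `suspicious_entries()` on the text of a saved log; on the constructed sample it reports five entries, the same ones the helper asked to have fixed plus the two orphaned "(no file)" browser registrations.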

Re: computer a little slow and quirky

Post by njrh on 7th December 2009, 5:49 pm

Hi again - sorry about the delay - it's been a hectic weekend.
On Friday I did all the HijackThis Fix Checked stuff but didn't get to SystemLook.
So I ran HJT again just now (Monday eve) and also did SystemLook, so here are both logs.
I was interested that you deleted ParetoLogic and also BisonCam (any particular reason why?).
On Thursday I was Skyping a friend in the US but my Acer (Bison) cam was not working.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:52, on 01/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logicool\SetPoint\SetPoint.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -restart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logicool SetPoint.lnk = C:\Program Files\Logicool\SetPoint\SetPoint.exe
O4 - Global Startup: VideoCam Suite 2.0.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logicool, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12211 bytes



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:26 on 07/12/2009 by Hunter (Administrator - Elevation successful)

========== filefind ==========

Searching for "KHALMNPR.EXE"
C:\Program Files\Common Files\Logishrd\CDDRV2\KHALMNPR.exe --a--- 76304 bytes [00:55 19/12/2008] [00:55 19/12/2008] 05039C71AEE848C6CBE25E57CF22D48C
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe --a--- 76304 bytes [01:24 19/02/2009] [01:24 19/02/2009] 8B5D3149AB22EA26880608EABE55B7FB
C:\Windows\KHALMNPR.Exe --a--- 76304 bytes [00:55 19/12/2008] [00:55 19/12/2008] 05039C71AEE848C6CBE25E57CF22D48C
C:\Windows\System32\DriverStore\FileRepository\jfmouhid.inf_127b705c\KHALMNPR.Exe --a--- 76304 bytes [00:55 19/12/2008] [00:55 19/12/2008] 05039C71AEE848C6CBE25E57CF22D48C

-=End Of File=-

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0
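The O23 lines in the HijackThis log above are service registrations, and the two that stand out are the ones with "Unknown owner" and "(file missing)" (the MyWebSearch service that ComboFix later removed). The helper below is an added example, not a tool from this thread: it parses O23 lines into fields and flags the entries worth verifying by hand. The sample lines are a constructed excerpt of the log, and the list of "standard" install directories is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One O23 line: "O23 - Service: <display> (<short>) - <owner> - <path> [(file missing)]"
# The "(<short>)" service name and the "(file missing)" suffix are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumed "expected" locations for service binaries; PROGRA~1 is the 8.3
# short name HijackThis prints for "Program Files" on some entries.
STANDARD_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

# Constructed excerpt in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
"""


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    path: str
    missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return the parsed service entry, or None if the line is not an O23 line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        display=m["display"],
        short=m["short"],
        owner=m["owner"],
        path=m["path"],
        missing=m["missing"] is not None,
    )


def flags_for(entry: ServiceEntry) -> List[str]:
    """Flags are prompts to verify the entry, not a verdict on it."""
    flags: List[str] = []
    if entry.owner == "Unknown owner":
        # No vendor recorded in the binary's version info.
        flags.append("unknown-owner")
    if entry.missing:
        # Service still registered but its binary is gone: a leftover of an
        # uninstall or a removal, worth cleaning up either way.
        flags.append("file-missing")
    if not entry.path.lower().startswith(STANDARD_DIRS):
        # OEM tools often live here legitimately (C:\Acer\...), so this is
        # low-signal on its own and only meaningful together with other flags.
        flags.append("outside-standard-dirs")
    return flags


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Walk a HijackThis log and return (service name, flags) for flagged O23 lines."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue  # not an O23 line (other sections, blank lines)
        flags = flags_for(entry)
        if flags:
            findings.append((entry.short or entry.display, flags))
    return findings


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```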

Re: computer a little slow and quirky

Post by Dr Jay on 8th December 2009, 4:24 am

It will have to be reinstalled, please.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: computer a little slow and quirky

Post by njrh on 8th December 2009, 9:37 am

I had problems here.
I downloaded the combofix as you asked. Disabled AVG 9.0 by making resident shield inactive (version 9.0 wasn't on your article so I assumed it was the same as 8.5).
Went to run combo fix but had a pop up saying security threat - malware - some type of explore.exe so it removed it only to find that it had removed combofix.
So went to download it again but system won't now allow me to save it to the desktop - says I have to ask the administrator (how do I do that? It is me, surely). Suggests saving it to another file.
Didn't want to do that without asking you first.
What shall I do now?
(Incidentally I just noticed that not all the things you asked me to "fix checked" on Hijack This were deleted.)

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0

Re: computer a little slow and quirky

Post by wakeford69 on 8th December 2009, 9:59 am


Hello, wakeford69, you are not allowed to post help to users. Please read the pinned topics in this forum. Including the one "Do you want to learn how to fight malware?" Thanks!

~ DragonMaster Jay

wakeford69
Novice

Posts : 12
Joined : 2009-12-07
OS : XP
Points : 25734
# Likes : 0

Re: computer a little slow and quirky

Post by njrh on 8th December 2009, 2:01 pm

Yes I did rename it exactly as I was asked. I will give it another go later. I know it is good as it cleared up my daughter's computer brilliantly.
But thanks for helping.......

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0

Re: computer a little slow and quirky

Post by Dr Jay on 8th December 2009, 11:02 pm

Please post the ComboFix log.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: computer a little slow and quirky

Post by njrh on 9th December 2009, 8:46 am

Hello Dragonmaster,
I had another go at running combofix.
This time it did save to my desktop ok - renamed as you specified.
However something was going on as my desktop wallpaper turned black. I turned off as much of AVG as I could - resident shield, link scanner, email scanner - but I still got a warning buzzer and popup from combofix to say that the antivirus and antispyware was still active. I tried to turn them off but couldn't find a disable thingy to click anywhere.
So nervously I carried on.......with fingers and toes crossed. I really hope I didn't do anything wrong but you didn't say anything about AVG 9.0 (I "allowed" any warnings about commy exe but quarantined Tool.Nircmd at the end).

Here is the log anyway

ComboFix 09-12-08.03 - Hunter 09/12/2009 6:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.893.304 [GMT 0:00]
Running from: c:\users\Hunter\Desktop\Commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 06:41 . 2009-12-09 06:41 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-12-09 03:09 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:09 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 03:09 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:17 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-02 10:00 . 2009-12-02 10:00 -------- d-----w- c:\program files\ESET
2009-11-27 09:18 . 2009-11-27 09:18 -------- d-----w- c:\program files\Trend Micro
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\users\Hunter\AppData\Roaming\Malwarebytes
2009-11-25 11:04 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-25 11:04 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 09:49 . 2009-11-25 09:54 -------- d-----w- C:\$AVG
2009-11-25 09:49 . 2009-11-25 09:49 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-25 09:49 . 2009-11-25 09:49 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-25 09:49 . 2009-11-25 09:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-11-25 09:46 . 2009-11-25 09:46 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-25 09:45 . 2009-11-25 09:45 -------- d-----w- c:\programdata\avg9
2009-11-25 03:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:27 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:27 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-18 03:21 . 2009-11-18 03:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 03:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 03:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 03:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 03:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-18 03:02 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-18 03:02 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-18 03:02 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-18 03:02 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-18 03:02 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-18 03:02 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-18 03:02 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-18 03:02 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-18 03:02 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-18 03:02 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-18 03:02 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-18 03:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 03:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-18 03:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-11 13:28 . 2009-11-11 13:28 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-11 09:25 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 08:05 . 2007-12-16 09:42 -------- d-----w- c:\users\Hunter\AppData\Roaming\Skype
2009-12-09 08:04 . 2007-12-16 09:45 -------- d-----w- c:\users\Hunter\AppData\Roaming\skypePM
2009-12-09 07:56 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-09 03:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 03:09 . 2007-09-07 14:39 -------- d-----w- c:\programdata\Microsoft Help
2009-12-04 14:21 . 2009-06-07 12:12 -------- d-----w- c:\programdata\DriverCure
2009-12-02 07:35 . 2007-09-28 15:49 130898 ----a-w- c:\windows\hpoins18.dat
2009-11-25 09:55 . 2008-12-15 14:02 -------- d-----w- c:\program files\AVG
2009-11-25 09:49 . 2009-02-04 08:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-25 09:49 . 2008-12-15 14:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 06:40 . 2009-12-08 23:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 23:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-08 23:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-08 23:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 03:20 . 2009-11-18 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-02 20:42 . 2009-10-03 01:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:19 . 2006-11-14 14:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 15:46 . 2009-10-31 15:46 -------- d-----w- c:\users\Hunter\AppData\Roaming\Logitech
2009-10-31 15:43 . 2009-10-31 15:43 -------- d-----w- c:\programdata\LogiShrd
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-31 15:41 . 2009-10-31 15:40 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-31 15:40 . 2009-10-31 15:40 -------- d-----w- c:\programdata\Logicool
2009-10-31 15:40 . 2009-10-31 15:40 -------- d-----w- c:\program files\Logicool
2009-09-25 02:10 . 2009-11-18 03:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 03:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 03:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 03:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 03:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 03:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 03:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 03:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 03:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 03:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 03:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 03:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 03:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 03:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 03:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 03:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 03:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 03:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 03:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-18 03:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-18 03:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 03:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 03:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 03:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 03:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 03:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 03:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 00:23 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-16 00:23 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-28 05:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-28 05:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-23 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-25 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logicool SetPoint.lnk - c:\program files\Logicool\SetPoint\SetPoint.exe [2009-10-31 809488]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-8-30 181592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,e8,f7,9e,37,43,ca,01

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [25/11/2009 09:49 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25/11/2009 09:49 161800]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\System32\drivers\SI3112r.sys [29/08/2007 01:04 116264]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [25/11/2009 09:46 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15/12/2008 14:04 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 08:15 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/11/2009 09:48 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/11/2009 09:47 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [25/11/2009 09:48 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [25/11/2009 09:47 5832712]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [25/11/2009 09:47 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [25/11/2009 09:47 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [25/11/2009 09:47 27800]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [30/07/2008 15:58 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [14/11/2006 12:39 31232]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [18/11/2008 16:34 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-09 08:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5844)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\program files\Logicool\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\bgsvcgen.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-12-09 08:18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 08:18

Pre-Run: 4,141,871,104 bytes free
Post-Run: 4,121,260,032 bytes free

- - End Of File - - 8F425E7658B4BCC5AC6ED040FDD5636C

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0

Re: computer a little slow and quirky

Post by Dr Jay on 9th December 2009, 2:06 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\nshhttp.dll
    c:\windows\system32\drivers\http.sys
    c:\windows\system32\httpapi.dll
    c:\windows\system32\rastls.dll

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"=-
    "?????????"=-
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: computer a little slow and quirky

Post by njrh on 10th December 2009, 8:33 am

Hi
If I need to run combo fix again - please confirm how to disable AVG (9.0) INTERNET Security. It keeps telling me the antivirus and anti spy is active after I have tried to disable it.
Here is the log


ComboFix 09-12-09.04 - Hunter 10/12/2009 7:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.893.281 [GMT 0:00]
Running from: c:\users\Hunter\Desktop\Commy.exe
Command switches used :: c:\users\Hunter\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\http.sys"
"c:\windows\system32\httpapi.dll"
"c:\windows\system32\nshhttp.dll"
"c:\windows\system32\rastls.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\http.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 07:49 . 2009-12-10 07:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-10 07:49 . 2009-12-10 07:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-09 03:09 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:09 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-08 23:17 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-02 12:57 . 2009-12-02 12:56 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD583.tmp.exe
2009-12-02 10:00 . 2009-12-02 10:00 -------- d-----w- c:\program files\ESET
2009-12-01 00:33 . 2009-12-01 00:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-11-27 09:18 . 2009-11-27 09:18 -------- d-----w- c:\program files\Trend Micro
2009-11-27 00:33 . 2009-11-27 00:33 3519152 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\DriverCure Installer.exe
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\users\Hunter\AppData\Roaming\Malwarebytes
2009-11-25 11:04 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-25 11:04 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 10:11 . 2009-11-25 09:48 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-25 10:11 . 2009-11-25 09:48 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-25 10:07 . 2009-11-25 09:48 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-11-25 10:07 . 2009-11-25 09:48 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-25 09:49 . 2009-11-25 09:54 -------- d-----w- C:\$AVG
2009-11-25 09:49 . 2009-11-25 09:49 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-25 09:49 . 2009-11-25 09:49 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-25 09:49 . 2009-11-25 09:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-11-25 09:46 . 2009-11-25 09:46 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-25 09:45 . 2009-11-25 09:45 -------- d-----w- c:\programdata\avg9
2009-11-25 03:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:27 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:27 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-18 03:21 . 2009-11-18 03:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 03:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 03:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 03:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 03:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-18 03:02 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-18 03:02 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-18 03:02 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-18 03:02 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-18 03:02 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-18 03:02 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-18 03:02 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-18 03:02 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-18 03:02 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-18 03:02 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-18 03:02 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-18 03:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 03:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-18 03:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-11 13:28 . 2009-11-11 13:28 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-11 09:25 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 09:24 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 07:18 . 2007-12-16 09:42 -------- d-----w- c:\users\Hunter\AppData\Roaming\Skype
2009-12-10 00:04 . 2007-12-16 09:45 -------- d-----w- c:\users\Hunter\AppData\Roaming\skypePM
2009-12-09 07:56 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-09 03:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 03:09 . 2007-09-07 14:39 -------- d-----w- c:\programdata\Microsoft Help
2009-12-04 14:21 . 2009-06-07 12:12 -------- d-----w- c:\programdata\DriverCure
2009-12-02 07:35 . 2007-09-28 15:49 130898 ----a-w- c:\windows\hpoins18.dat
2009-11-25 09:55 . 2008-12-15 14:02 -------- d-----w- c:\program files\AVG
2009-11-25 09:49 . 2009-02-04 08:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-25 09:49 . 2008-12-15 14:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 06:40 . 2009-12-08 23:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 23:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-08 23:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-08 23:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 03:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 03:20 . 2009-11-18 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-02 20:42 . 2009-10-03 01:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:19 . 2006-11-14 14:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 15:46 . 2009-10-31 15:46 -------- d-----w- c:\users\Hunter\AppData\Roaming\Logitech
2009-10-31 15:43 . 2009-10-31 15:43 -------- d-----w- c:\programdata\LogiShrd
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-31 15:42 . 2009-10-31 15:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-31 15:41 . 2009-10-31 15:40 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-31 15:40 . 2009-10-31 15:40 -------- d-----w- c:\programdata\Logicool
2009-10-31 15:40 . 2009-10-31 15:40 -------- d-----w- c:\program files\Logicool
2009-09-25 02:10 . 2009-11-18 03:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 03:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 03:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 03:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 03:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 03:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 03:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 03:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 03:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 03:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 03:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 03:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 03:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 03:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 03:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 03:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 03:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 03:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 03:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-18 03:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-18 03:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 03:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 03:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 03:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 03:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 03:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 03:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 00:23 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe -hide" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-25 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logicool SetPoint.lnk - c:\program files\Logicool\SetPoint\SetPoint.exe [2009-10-31 809488]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-8-30 181592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,e8,f7,9e,37,43,ca,01

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [25/11/2009 09:49 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [25/11/2009 09:49 161800]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\System32\drivers\SI3112r.sys [29/08/2007 01:04 116264]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [25/11/2009 09:46 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15/12/2008 14:04 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 08:15 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/11/2009 09:48 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/11/2009 09:47 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [25/11/2009 09:48 2304192]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [25/11/2009 09:47 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [25/11/2009 09:47 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [25/11/2009 09:47 27800]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [25/11/2009 09:47 5832712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [30/07/2008 15:58 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [14/11/2006 12:39 31232]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [18/11/2008 16:34 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-10 07:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7652)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\program files\Logicool\SetPoint\lgscroll.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2009-12-10 07:55:41
ComboFix-quarantined-files.txt 2009-12-10 07:55
ComboFix2.txt 2009-12-09 08:18

Pre-Run: 3,798,556,672 bytes free
Post-Run: 3,779,944,448 bytes free

- - End Of File - - EF7A1F222EAE5AAF43D32CEE46BCE722

njrh
Novice

Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
# Likes : 0

Re: computer a little slow and quirky

Post by Dr Jay on 10th December 2009, 9:31 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\programdata\ParetoLogic
    c:\programdata\DriverCure
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please go [You must be registered and logged in to see this link.]. Copy and paste the following file path in to the box.

c:\windows\bthservsdp.dat

Do the same for these two files:

C:\windows\system32\userinit.exe
c:\windows\system32\oleacc.dll


Then click submit. (Do not get old results. Have them scan the file again. I am looking for active infections, not actual threats.)

Please post the results (URL) to your next reply.

==

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please post the ComboFix log results, VirusTotal results, and the SpiderKill log results in your next reply. Also, please tell me how your computer is running.


Dr. Jay (DJ)

Dr Jay
Head Administrator

Posts : 14309
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302960
# Likes : 10

Re: computer a little slow and quirky

Post by njrh on 10th December 2009, 9:48 pm

I don't know if it is part of the same problem in cleaning up my computer, but the print spooler service has stopped and I can't print anything. I have uninstalled the printer software and downloaded the latest software from HP, but the installation was stopped as it couldn't fix the print spooler - it was blocked - any suggestions? Could ComboFix have done this?

Re: computer a little slow and quirky

Post by njrh on 10th December 2009, 10:01 pm

As I mentioned before, PLEASE CONFIRM TO ME that I am disabling AVG 9.0 Internet Security correctly by disabling the resident shield. Previously I have disabled the web shield, the email scanner and the link scanner as well, but can't do anything to the antivirus bit or the antispyware. IS THAT ALL I NEED TO DO?? I don't want to run ComboFix again unless this is right, as I can't stand all the audible warnings that it is still active and dire happenings will occur!!
Please let me know so I can proceed safely and complete all that you ask.

Re: computer a little slow and quirky

Post by Dr Jay on 10th December 2009, 10:08 pm

The printer spooler service might be infected, actually. That can be scanned later. You can safely skip disabling AVG. ComboFix will do it for you.


Dr. Jay (DJ)

Re: computer a little slow and quirky

Post by njrh on 15th December 2009, 12:37 pm

Thanks for your reply. Sorry for the delay - I have got around the lack of a printer and had e-mail problems for a while. When I get a moment I will continue with the scans. I am very appreciative of your help, but it is a busy time at the moment.

Re: computer a little slow and quirky

Post by Dr Jay on 15th December 2009, 9:52 pm

I understand. Take your time and post when ready.


Dr. Jay (DJ)

Re: computer a little slow and quirky

Post by njrh on 12th January 2010, 7:33 am

Hi, I am back and have time to sort out these scans. Had problems pasting into VirusTotal. Will have to redo the ComboFix in a minute.
Meanwhile, here is SpiderKill:

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.0.6002]

********************Drivers list********************


Volume in drive C is ACER
Volume Serial Number is E40F-D10A

Directory of C:\Windows\System32\Drivers

11/01/2010 17:07 .
11/01/2010 17:07 ..
02/11/2006 08:55 53,376 1394bus.sys
14/11/2006 12:21 20 Acer_A310_HomePremium_X86_EN.MRK
11/04/2009 06:32 265,688 acpi.sys
02/11/2006 09:51 420,968 adp94xx.sys
02/11/2006 09:51 297,576 adpahci.sys
02/11/2006 09:50 98,408 adpu160m.sys
02/11/2006 09:51 147,048 adpu320.sys
11/04/2009 04:47 273,920 afd.sys
02/11/2006 09:49 53,864 AGP440.sys
02/11/2006 09:49 14,952 aliide.sys
02/11/2006 09:49 54,888 AMDAGP.SYS
02/11/2006 09:49 15,464 amdide.sys
02/11/2006 08:30 38,912 amdk7.sys
19/01/2008 05:27 44,032 amdk8.sys
02/11/2006 09:50 67,688 arc.sys
02/11/2006 09:50 67,688 arcsas.sys
19/01/2008 05:56 17,408 asyncmac.sys
11/04/2009 06:32 19,944 atapi.sys
11/04/2009 06:32 109,032 ataport.sys
10/11/2006 06:38 506,368 athr.sys
03/06/2008 01:34 49,152 ati2erec.dll
03/06/2008 05:22 3,695,104 atikmdag.sys
30/10/2006 15:22 8,192 AtiPcie.sys
01/10/2006 21:10 328,162 ativcaxx.cpa
01/10/2006 21:10 929 ativcaxx.vp
18/04/2007 13:19 2,096 ativdkxx.vp
30/05/2007 16:37 2,096 ativokxx.vp
30/05/2007 16:37 2,096 ativpkxx.vp
09/09/2007 03:37 52,400 ativvpxx.vp
11/01/2010 14:33 Avg
25/11/2009 09:49 333,192 avgldx86.sys
25/11/2009 09:49 28,424 avgmfx86.sys
25/11/2009 09:49 360,584 avgtdix.sys
29/04/2008 10:19 12,960 Awrtpd.sys
29/04/2008 10:19 15,648 Awrtrd.sys
19/01/2008 07:41 28,216 battc.sys
19/12/2006 11:18 534,016 BCMWL6.SYS
19/01/2008 05:53 12,288 bdasup.sys
19/01/2008 05:49 6,144 beep.sys
19/01/2008 05:28 69,632 bowser.sys
02/11/2006 08:24 13,568 BrFiltLo.sys
02/11/2006 08:24 5,248 BrFiltUp.sys
11/04/2009 05:42 93,696 bridge.sys
02/11/2006 08:25 71,808 BrSerId.sys
02/11/2006 08:24 62,336 BrSerWdm.sys
02/11/2006 08:24 12,160 BrUsbMdm.sys
02/11/2006 08:24 11,904 BrUsbSer.sys
02/11/2006 08:55 19,456 bthenum.sys
02/11/2006 08:55 39,936 bthmodem.sys
02/11/2006 08:55 92,160 bthpan.sys
02/11/2006 08:55 220,160 bthport.sys
02/11/2006 08:55 29,184 BTHUSB.SYS
19/01/2008 05:28 70,144 cdfs.sys
20/02/2006 18:17 33,408 cdrbsdrv.sys
11/04/2009 04:39 67,072 cdrom.sys
02/11/2006 08:55 35,328 circlass.sys
11/04/2009 06:32 125,928 Classpnp.sys
19/01/2008 05:32 14,208 CmBatt.sys
02/11/2006 09:49 16,488 cmdide.sys
19/01/2008 07:41 20,792 compbatt.sys
11/04/2009 06:32 35,304 crashdmp.sys
02/11/2006 09:49 22,632 crcdisk.sys
02/11/2006 08:30 38,912 crusoe.sys
11/04/2009 04:14 75,264 dfsc.sys
11/04/2009 06:32 53,736 disk.sys
11/04/2009 04:39 19,456 Diskdump.sys
02/11/2006 09:50 71,272 djsvs.sys
02/11/2006 13:29 21,264 DKbFltr.sys
19/01/2008 05:49 131,584 Dot4.sys
19/01/2008 05:49 16,384 Dot4Prt.sys
19/01/2008 05:49 36,864 Dot4usb.sys
19/01/2008 06:53 130,048 drmk.sys
19/01/2008 05:53 5,632 drmkaud.sys
11/04/2009 06:32 27,624 Dumpata.sys
19/01/2008 05:36 13,312 dxapi.sys
11/04/2009 04:23 76,288 dxg.sys
25/09/2009 01:27 634,880 dxgkrnl.sys
02/11/2006 07:30 117,760 E1G60I32.sys
11/04/2009 06:32 141,288 ecache.sys
02/11/2006 09:51 316,520 elxstor.sys
30/01/2007 19:10 67,584 EMS7SK.sys
09/12/2009 03:33 en-US
30/01/2007 19:10 46,592 ESD7SK.sys
30/01/2007 19:10 61,952 ESM7SK.sys
09/12/2009 08:01 etc
11/04/2009 04:13 136,704 exfat.sys
11/04/2009 04:13 142,848 fastfat.sys
02/11/2006 08:51 25,088 fdc.sys
19/01/2008 07:42 58,936 fileinfo.sys
19/01/2008 05:30 27,648 filetrace.sys
02/11/2006 08:51 20,480 flpydisk.sys
11/04/2009 06:32 190,424 fltMgr.sys
19/01/2008 05:27 12,800 fs_rec.sys
11/04/2009 06:32 99,816 FWPKCLNT.SYS
02/11/2006 09:50 58,984 GAGP30KX.SYS
18/09/2006 21:26 3,440,660 gm.dls
18/09/2006 21:26 646 gmreadme.txt
11/04/2009 04:42 561,152 hdaudbus.sys
02/11/2006 07:36 235,520 HdAudio.sys
02/11/2006 08:55 29,184 hidbth.sys
11/04/2009 04:42 39,424 hidclass.sys
02/11/2006 08:55 21,504 hidir.sys
19/01/2008 05:53 25,472 hidparse.sys
11/04/2009 04:42 12,800 hidusb.sys
02/11/2006 09:50 37,480 HpCISSs.sys
18/10/2006 08:50 144,201 HSFProf.cty
18/10/2006 03:08 206,848 HSXHWAZL.sys
18/10/2006 03:08 659,968 HSX_CNXT.sys
18/10/2006 03:09 986,624 HSX_DPV.sys
02/11/2006 09:49 16,488 i2omgmt.sys
02/11/2006 09:49 27,752 i2omp.sys
19/01/2008 05:49 54,784 i8042prt.sys
02/11/2006 09:51 232,040 iaStorV.sys
02/11/2006 09:50 41,576 iirsp.sys
12/11/2006 23:10 69,632 int15.sys
12/11/2006 23:10 15,656 int15_64.sys
02/11/2006 09:49 14,952 intelide.sys
02/11/2006 08:30 39,424 intelppm.sys
19/01/2008 05:56 47,616 ipfltdrv.sys
02/11/2006 08:42 65,536 IPMIDrv.sys
19/01/2008 05:56 100,864 ipnat.sys
19/01/2008 05:55 95,744 irda.sys
19/01/2008 05:55 13,312 irenum.sys
02/11/2006 08:57 20,992 irsir.sys
02/11/2006 09:50 47,208 isapnp.sys
02/11/2006 09:50 35,944 iteatapi.sys
02/11/2006 09:50 35,944 iteraid.sys
19/01/2008 07:41 35,384 kbdclass.sys
02/11/2006 08:51 15,872 kbdhid.sys
11/04/2009 04:38 149,504 ks.sys
15/06/2009 23:15 439,864 ksecdd.sys
19/12/2008 00:56 35,600 LHidFilt.Sys
19/01/2008 05:55 47,104 lltdio.sys
19/12/2008 00:56 37,520 LMouFilt.Sys
02/11/2006 09:50 65,640 lsi_fc.sys
02/11/2006 09:50 65,640 lsi_sas.sys
02/11/2006 09:50 65,640 lsi_scsi.sys
19/01/2008 05:30 84,480 luafv.sys
19/12/2008 00:56 28,944 LUsbFilt.sys
10/09/2009 14:53 19,160 mbam.sys
10/09/2009 14:54 38,224 mbamswissarmy.sys
19/01/2008 05:49 18,944 mcd.sys
19/06/2006 06:26 12,672 mdmxsdk.sys
02/11/2006 09:49 28,776 megasas.sys
19/01/2008 05:57 31,744 modem.sys
19/01/2008 05:52 41,984 monitor.sys
19/01/2008 07:41 34,360 mouclass.sys
19/01/2008 05:49 15,872 mouhid.sys
19/01/2008 07:42 57,400 mountmgr.sys
02/11/2006 09:50 78,952 mpio.sys
19/01/2008 05:54 64,000 mpsdrv.sys
02/11/2006 09:49 33,384 Mraid35x.sys
11/04/2009 04:14 114,688 mrxdav.sys
11/04/2009 04:14 105,984 mrxsmb.sys
11/04/2009 04:14 212,992 mrxsmb10.sys
11/04/2009 04:14 79,360 mrxsmb20.sys
02/11/2006 09:49 23,144 msahci.sys
02/11/2006 09:50 80,488 msdsm.sys
19/01/2008 05:28 22,528 msfs.sys
05/01/2008 11:31 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
19/01/2008 07:41 16,440 msisadrv.sys
11/04/2009 06:32 180,712 msiscsi.sys
19/01/2008 05:49 8,192 mskssrv.sys
19/01/2008 05:49 5,888 mspclock.sys
19/01/2008 05:49 5,504 mspqm.sys
11/04/2009 06:32 161,752 msrpc.sys
19/01/2008 07:41 31,288 mssmbios.sys
19/01/2008 05:49 6,016 mstee.sys
11/04/2009 06:32 48,104 mup.sys
11/04/2009 06:32 527,848 ndis.sys
19/01/2008 05:56 20,992 ndistapi.sys
19/01/2008 05:55 16,896 ndisuio.sys
11/04/2009 04:46 121,344 ndiswan.sys
19/01/2008 05:56 49,664 ndproxy.sys
19/01/2008 05:55 35,840 netbios.sys
11/04/2009 04:45 185,856 netbt.sys
11/04/2009 06:32 223,208 netio.sys
02/11/2006 09:50 45,160 nfrd960.sys
11/04/2009 04:14 35,328 npfs.sys
29/04/2008 10:20 15,648 NSDriver.sys
19/01/2008 05:55 16,384 nsiproxy.sys
11/04/2009 06:32 1,083,880 ntfs.sys
14/11/2006 14:46 6,144 NTIDrvr.sys
02/11/2006 07:36 20,608 ntrigdigi.sys
19/01/2008 05:49 4,608 null.sys
02/11/2006 09:50 88,680 nvraid.sys
02/11/2006 09:50 40,040 nvstor.sys
02/11/2006 09:50 106,600 NV_AGP.SYS
11/04/2009 04:43 148,480 nwifi.sys
02/11/2006 08:55 62,080 ohci1394.sys
11/04/2009 04:45 72,192 pacer.sys
02/11/2006 08:51 79,360 parport.sys
11/04/2009 06:32 54,248 partmgr.sys
02/11/2006 08:51 8,704 parvdm.sys
11/04/2009 06:32 149,480 pci.sys
11/04/2009 06:32 14,312 pciide.sys
11/04/2009 06:32 43,496 pciidex.sys
11/04/2009 06:32 177,640 pcmcia.sys
02/11/2006 09:04 878,080 PEAuth.sys
11/04/2009 04:42 167,936 portcls.sys
02/11/2006 08:30 38,400 processr.sys
10/11/2006 14:10 10,624 psdfilter.sys
10/11/2006 14:21 7,936 PSDNServ.sys
08/11/2006 15:11 53,760 psdvdisk.sys
02/11/2006 09:51 900,712 ql2300.sys
02/11/2006 09:50 106,088 ql40xx.sys
19/01/2008 05:56 31,232 qwavedrv.sys
19/01/2008 05:56 11,776 rasacd.sys
19/01/2008 05:56 76,288 rasl2tp.sys
11/04/2009 04:46 41,472 raspppoe.sys
19/01/2008 05:56 62,976 raspptp.sys
11/04/2009 04:46 69,120 rassstp.sys
11/04/2009 04:14 225,280 rdbss.sys
19/01/2008 06:01 6,144 RDPCDD.sys
02/11/2006 09:03 242,688 rdpdr.sys
19/01/2008 06:01 6,144 RDPENCDD.sys
11/04/2009 04:51 180,736 rdpwd.sys
02/11/2006 08:55 49,664 rfcomm.sys
11/04/2009 04:45 113,664 rmcast.sys
11/04/2009 04:46 33,280 RNDISMP.sys
19/01/2008 05:57 8,192 rootmdm.sys
19/01/2008 05:55 60,416 rspndr.sys
23/11/2006 06:15 1,652,968 RTKVHDA.sys
29/10/2008 16:29 43,520 Rtnicxp.sys
02/11/2006 09:50 76,392 sbp2port.sys
19/01/2008 07:42 142,904 scsiport.sys
11/04/2009 04:19 89,088 sdbus.sys
02/11/2006 06:37 20,480 secdrv.sys
02/11/2006 08:51 17,920 serenum.sys
02/11/2006 08:51 83,456 serial.sys
19/01/2008 05:49 19,968 sermouse.sys
02/11/2006 09:14 9,216 serscan.sys
02/11/2006 08:51 13,312 sffdisk.sys
02/11/2006 08:51 12,800 sffp_mmc.sys
02/11/2006 08:51 12,800 sffp_sd.sys
02/11/2006 08:51 13,312 sfloppy.sys
26/01/2007 13:55 69,168 SI3112.sys
29/08/2007 01:04 116,264 SI3112r.sys
02/11/2006 09:49 53,352 SISAGP.SYS
02/11/2006 09:50 38,504 sisraid2.sys
02/11/2006 09:50 71,784 sisraid4.sys
29/08/2007 01:04 19,240 SiWinAcc.sys
11/04/2009 04:45 66,560 smb.sys
19/01/2008 05:49 17,408 smclib.sys
18/10/2006 07:44 31,232 smscirda.sys
19/01/2008 07:41 21,048 spldr.sys
11/04/2009 02:52 684,032 spsys.sys
11/04/2009 04:15 288,768 srv.sys
14/09/2009 09:29 144,896 srv2.sys
11/04/2009 04:15 98,816 srvnet.sys
11/04/2009 06:32 122,344 Storport.sys
11/04/2009 04:42 52,992 stream.sys
19/01/2008 07:41 15,288 swenum.sys
02/11/2006 09:50 35,944 symc8xx.sys
02/11/2006 09:49 31,848 sym_hi.sys
02/11/2006 09:50 34,920 sym_u3.sys
23/10/2006 03:17 179,896 SynTP.sys
19/01/2008 05:49 24,576 tape.sys
14/08/2009 16:27 904,776 tcpip.sys
14/08/2009 13:48 30,720 tcpipreg.sys
19/01/2008 05:57 20,992 tdi.sys
19/01/2008 06:01 17,920 tdpipe.sys
19/01/2008 06:01 29,184 tdtcp.sys
11/04/2009 04:45 72,192 tdx.sys
11/04/2009 06:32 53,224 termdd.sys
19/01/2008 06:01 23,552 tssecsrv.sys
19/01/2008 05:55 15,360 TUNMP.SYS
19/01/2008 05:55 23,040 tunnel.sys
12/11/2006 23:10 14,544 TVicPort.sys
12/11/2006 23:10 8,704 TVicPort64.sys
02/11/2006 09:49 56,936 UAGP35.SYS
28/08/2006 10:30 13,952 UBHelper.sys
11/04/2009 04:13 226,816 udfs.sys
02/11/2006 09:50 58,472 ULIAGPKX.SYS
02/11/2006 09:51 235,112 uliahci.sys
02/11/2006 09:50 98,408 ulsata.sys
02/11/2006 09:50 115,816 ulsata2.sys
19/01/2008 05:53 34,816 umbus.sys
18/11/2009 03:20 UMDF
19/01/2008 05:53 7,680 umpass.sys
11/04/2009 04:46 15,872 usb8023.sys
11/04/2009 04:42 25,856 USBCAMD.sys
11/04/2009 04:42 25,856 USBCAMD2.sys
19/01/2008 05:53 73,216 usbccgp.sys
02/11/2006 08:55 68,608 usbcir.sys
19/01/2008 05:53 5,888 usbd.sys
11/04/2009 04:42 39,936 usbehci.sys
11/04/2009 04:43 196,096 usbhub.sys
11/04/2009 04:42 19,456 usbohci.sys
11/04/2009 04:42 226,304 usbport.sys
19/01/2008 06:14 18,944 usbprint.sys
19/01/2008 06:14 35,328 usbscan.sys
11/04/2009 04:42 65,536 USBSTOR.SYS
02/11/2006 08:55 22,528 usbuhci.sys
19/01/2008 05:52 25,088 vga.sys
02/11/2006 08:53 26,112 vgapnp.sys
02/11/2006 09:49 54,376 VIAAGP.SYS
02/11/2006 08:30 39,424 viac7.sys
02/11/2006 09:49 17,512 viaide.sys
19/01/2008 05:52 110,080 videoprt.sys
19/01/2008 07:42 52,792 volmgr.sys
11/04/2009 06:33 292,840 volmgrx.sys
11/04/2009 06:32 226,280 volsnap.sys
02/11/2006 09:50 112,232 vsmraid.sys
02/11/2006 07:41 200,704 VSTAZL3.SYS
02/11/2006 07:41 654,336 VSTCNXT3.SYS
18/09/2006 21:42 133,972 VSTDProf.cty
02/11/2006 07:41 987,648 VSTDPV3.SYS
18/09/2006 21:42 133,528 VSTEProf.cty
18/09/2006 21:42 141,392 VSTProf.cty
18/09/2006 21:42 141,572 VSTSProf.cty
02/11/2006 08:52 20,608 wacompen.sys
19/01/2008 05:56 62,464 wanarp.sys
11/04/2009 04:22 33,280 watchdog.sys
02/11/2006 09:49 19,560 wd.sys
19/01/2008 07:43 503,864 Wdf01000.sys
19/01/2008 07:41 35,896 WdfLdr.sys
19/01/2008 05:32 11,264 wmiacpi.sys
19/01/2008 07:41 17,976 wmilib.sys
19/01/2008 05:56 15,872 ws2ifsl.sys
19/09/2006 15:47 80,744 WSVD.sys
19/01/2008 05:52 51,200 WUDFPf.sys
19/01/2008 05:53 83,328 WUDFRd.sys
04/08/2006 09:39 386,560 XAudio.exe
04/08/2006 09:39 8,192 XAudio.sys
12/11/2006 23:10 6,080 zntport.sys
12/11/2006 23:10 6,144 zntport64.sys
323 File(s) 40,985,037 bytes

Directory of C:\Windows\System32\Drivers\Avg

11/01/2010 14:33 .
11/01/2010 14:33 ..
15/12/2008 14:04 6,061,540 avi7.avg
25/11/2009 09:49 113,461 iavichjw.avm
11/01/2010 14:32 47,706,819 incavi.avm
11/01/2010 14:31 138,145 microavi.avg
01/10/2009 13:30 492,629 miniavi.avg
5 File(s) 54,512,594 bytes

Directory of C:\Windows\System32\Drivers\en-US

09/12/2009 03:33 .
09/12/2009 03:33 ..
02/11/2006 12:41 9,728 acpi.sys.mui
02/11/2006 12:41 8,704 afd.sys.mui
02/11/2006 12:41 3,072 AGP440.sys.mui
02/11/2006 12:41 3,072 AMDAGP.SYS.mui
02/11/2006 12:40 2,560 amdide.sys.mui
02/11/2006 12:40 14,848 amdk7.sys.mui
02/11/2006 12:40 14,848 amdk8.sys.mui
02/11/2006 12:41 3,072 ati2mpad.sys.mui
02/11/2006 12:41 3,584 ati2mtag.sys.mui
02/11/2006 12:40 3,072 atikmdag.sys.mui
19/01/2008 07:30 5,120 b57nd60x.sys.mui
02/11/2006 12:40 7,680 battc.sys.mui
02/11/2006 12:40 5,120 bcm4sbxp.sys.mui
02/11/2006 12:40 2,560 BrParwdm.sys.mui
02/11/2006 12:41 10,240 BrSerId.sys.mui
02/11/2006 12:40 5,120 bthpan.sys.mui
11/04/2009 06:22 8,192 bthport.sys.mui
02/11/2006 12:41 3,072 cmbp0wdm.sys.mui
02/11/2006 12:40 14,848 crusoe.sys.mui
02/11/2006 12:41 3,072 cxbp0wdm.sys.mui
02/11/2006 12:40 3,072 Dot4usb.sys.mui
08/10/2009 23:12 4,096 dxgkrnl.sys.mui
02/11/2006 12:41 5,120 e100b325.sys.mui
19/01/2008 07:37 19,968 e1e6032.sys.mui
19/01/2008 07:40 16,896 E1G60I32.sys.mui
02/11/2006 12:40 5,120 fltmgr.sys.mui
02/11/2006 12:40 3,072 GAGP30KX.SYS.mui
02/11/2006 12:41 3,584 gpr400.sys.mui
02/11/2006 12:41 4,096 grserial.sys.mui
11/04/2009 06:24 4,096 hdaudbus.sys.mui
02/11/2006 12:41 3,584 hidbth.sys.mui
03/11/2009 21:46 36,864 http.sys.mui
02/11/2006 12:41 10,752 i8042prt.sys.mui
02/11/2006 12:40 14,848 intelppm.sys.mui
02/11/2006 12:41 6,144 IPMIDrv.sys.mui
02/11/2006 12:41 4,096 ipnat.sys.mui
02/11/2006 12:41 4,096 isapnp.sys.mui
02/11/2006 12:41 4,608 kbdclass.sys.mui
02/11/2006 12:41 3,072 kbdhid.sys.mui
02/11/2006 12:41 9,728 ltmdmnt.sys.mui
19/01/2008 07:30 6,656 luafv.sys.mui
02/11/2006 12:41 4,096 modem.sys.mui
02/11/2006 12:41 4,608 mouclass.sys.mui
02/11/2006 12:41 3,072 mouhid.sys.mui
19/01/2008 07:44 20,480 mpio.sys.mui
02/11/2006 12:41 4,096 msdsm.sys.mui
02/11/2006 12:41 3,584 mssmbios.sys.mui
02/11/2006 12:41 65,536 ntfs.sys.mui
02/11/2006 12:40 4,096 ntrigdigi.sys.mui
02/11/2006 12:41 5,120 nv4_mini.sys.mui
02/11/2006 12:41 3,072 NV_AGP.SYS.mui
02/11/2006 12:40 12,288 ohci1394.sys.mui
02/11/2006 12:41 3,584 pacer.sys.mui
02/11/2006 12:40 4,096 parport.sys.mui
02/11/2006 12:40 3,072 parvdm.sys.mui
02/11/2006 12:41 8,704 pci.sys.mui
02/11/2006 12:41 4,608 pcmcia.sys.mui
02/11/2006 12:41 3,072 pnpmem.sys.mui
02/11/2006 12:40 14,848 processr.sys.mui
02/11/2006 12:41 4,096 pscr.sys.mui
02/11/2006 12:41 3,072 qwavedrv.sys.mui
02/11/2006 12:40 3,584 RNDISMP.sys.mui
02/11/2006 12:41 3,584 rndismpx.sys.mui
02/11/2006 12:41 4,096 scmstcs.sys.mui
02/11/2006 12:41 4,096 SCR111.sys.mui
02/11/2006 12:41 3,584 scsiport.sys.mui
02/11/2006 12:40 10,752 serial.sys.mui
02/11/2006 12:41 5,632 sermouse.sys.mui
02/11/2006 12:41 3,072 serscan.sys.mui
02/11/2006 12:41 3,072 SISAGP.SYS.mui
02/11/2006 12:41 3,072 srv.sys.mui
02/11/2006 12:41 3,072 stcusb.sys.mui
19/01/2008 07:34 5,120 tpm.sys.mui
02/11/2006 12:40 3,072 UAGP35.SYS.mui
02/11/2006 12:41 3,072 ULIAGPKX.SYS.mui
02/11/2006 12:40 3,584 umbus.sys.mui
02/11/2006 12:41 3,072 VIAAGP.SYS.mui
02/11/2006 12:40 14,848 viac7.sys.mui
19/01/2008 07:36 32,768 volsnap.sys.mui
02/11/2006 12:41 4,608 wacompen.sys.mui
02/11/2006 12:41 2,560 wd.sys.mui
19/01/2008 07:33 3,072 wdf01000.sys.mui
02/11/2006 12:41 5,632 yk60x86.sys.mui
83 File(s) 613,376 bytes

Directory of C:\Windows\System32\Drivers\etc

09/12/2009 08:01 .
09/12/2009 08:01 ..
09/12/2009 08:01 27 hosts
18/09/2006 21:41 3,683 lmhosts.sam
18/09/2006 21:41 407 networks
18/09/2006 21:41 1,358 protocol
18/09/2006 21:41 17,244 services
5 File(s) 22,719 bytes

Directory of C:\Windows\System32\Drivers\UMDF

18/11/2009 03:20 .
18/11/2009 03:20 ..
18/11/2009 03:21 en-US
01/10/2009 01:01 227,840 WpdFs.dll
1 File(s) 227,840 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

18/11/2009 03:21 .
18/11/2009 03:21 ..
01/10/2009 01:08 3,072 wpdmtpdr.dll.mui
1 File(s) 3,072 bytes

Total Files Listed:
418 File(s) 96,364,638 bytes
17 Dir(s) 4,805,206,016 bytes free


***********************Hidden Drivers********************
Volume in drive C is ACER
Volume Serial Number is E40F-D10A

Directory of C:\Windows\System32\Drivers

31/10/2009 15:42 0 Msft_Kernel_LHidFilt_01005.Wdf
31/10/2009 15:42 0 Msft_Kernel_LMouFilt_01005.Wdf
31/10/2009 15:42 0 Msft_Kernel_LUsbFilt_01005.Wdf
14/11/2006 14:20 0 Msft_Kernel_SynTP_01000.Wdf
01/09/2008 10:23 0 Msft_User_WpdFs_01_00_00.Wdf
18/11/2009 03:20 0 Msft_User_WpdFs_01_07_00.Wdf
6 File(s) 0 bytes
0 Dir(s) 4,805,214,208 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 504 Normal C:\Windows\System32\smss.exe
csrss.exe 580 Normal C:\Windows\system32\csrss.exe
wininit.exe 640 High C:\Windows\system32\wininit.exe
csrss.exe 656 Normal C:\Windows\system32\csrss.exe
avgchsvx.exe 664 Normal C:\Program Files\AVG\AVG9\avgchsvx.exe
avgrsx.exe 672 Normal C:\Program Files\AVG\AVG9\avgrsx.exe
avgcsrvx.exe 720 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
services.exe 748 Normal C:\Windows\system32\services.exe
lsass.exe 760 Normal C:\Windows\system32\lsass.exe
lsm.exe 768 Normal C:\Windows\system32\lsm.exe
winlogon.exe 812 High C:\Windows\system32\winlogon.exe
svchost.exe 1100 Normal C:\Windows\system32\svchost.exe
svchost.exe 1160 Normal C:\Windows\system32\svchost.exe
Ati2evxx.exe 1304 Normal C:\Windows\system32\Ati2evxx.exe
svchost.exe 1324 Normal C:\Windows\System32\svchost.exe
svchost.exe 1352 Normal C:\Windows\System32\svchost.exe
svchost.exe 1388 Normal C:\Windows\system32\svchost.exe
svchost.exe 1516 Normal C:\Windows\system32\svchost.exe
SLsvc.exe 1536 Normal C:\Windows\system32\SLsvc.exe
Ati2evxx.exe 1588 Normal C:\Windows\system32\Ati2evxx.exe
svchost.exe 1684 Normal C:\Windows\system32\svchost.exe
svchost.exe 1876 Normal C:\Windows\system32\svchost.exe
aawservice.exe 2004 Normal C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Dwm.exe 1292 High C:\Windows\system32\Dwm.exe
svchost.exe 1976 Normal C:\Windows\system32\svchost.exe
taskeng.exe 924 Normal C:\Windows\system32\taskeng.exe
RtHDVCpl.exe 1096 Normal C:\Windows\RtHDVCpl.exe
SynTPEnh.exe 1700 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
LManager.exe 2052 Normal C:\Program Files\Launch Manager\LManager.exe
eDSloader.exe 2100 Normal C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
realsched.exe 2124 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PIFSvc.exe 2176 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
avgtray.exe 2216 Normal C:\Program Files\AVG\AVG9\avgtray.exe
sidebar.exe 2244 Normal C:\Program Files\Windows Sidebar\sidebar.exe
ehtray.exe 2280 Normal C:\Windows\ehome\ehtray.exe
SearchProtection.exe 2292 Normal C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
Skype.exe 2304 Normal C:\Program Files\Skype\Phone\Skype.exe
SetPoint.exe 2388 Normal C:\Program Files\Logicool\SetPoint\SetPoint.exe
VideoCamSuiteAutoStart.exe 2416 Normal C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
ONENOTEM.EXE 2432 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
avgwdsvc.exe 2492 Normal C:\Program Files\AVG\AVG9\avgwdsvc.exe
bgsvcgen.exe 2508 Normal C:\Windows\System32\bgsvcgen.exe
svchost.exe 2600 Normal C:\Windows\system32\svchost.exe
eLockServ.exe 2624 Normal C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
avgnsx.exe 2812 Normal C:\Program Files\AVG\AVG9\avgnsx.exe
eNet Service.exe 2972 Normal C:\Acer\Empowering Technology\eNet\eNet Service.exe
LSSrvc.exe 3072 Normal C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PifSvc.exe 3108 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
ehmsas.exe 3156 Normal C:\Windows\ehome\ehmsas.exe
svchost.exe 3340 Normal C:\Windows\system32\svchost.exe
RichVideo.exe 3352 Normal C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe 3400 Normal C:\Windows\system32\svchost.exe
svchost.exe 3452 Normal C:\Windows\System32\svchost.exe
SearchIndexer.exe 3560 Normal C:\Windows\system32\SearchIndexer.exe
avgemc.exe 3628 Normal C:\Program Files\AVG\AVG9\avgemc.exe
eRecoveryService.exe 3672 Normal C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
avgcsrvx.exe 3688 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
taskeng.exe 2320 Below Normal C:\Windows\system32\taskeng.exe
ENMTRAY.EXE 3308 Normal C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
KHALMNPR.EXE 3892 Normal C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
skypePM.exe 5648 Normal C:\Program Files\Skype\Plugin Manager\skypePM.exe
svchost.exe 4408 Below Normal C:\Windows\system32\svchost.exe
explorer.exe 4196 Normal C:\Windows\explorer.exe
WinMail.exe 4204 Normal C:\Program Files\Windows Mail\WinMail.exe
iexplore.exe 3416 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 5204 Normal C:\Program Files\Internet Explorer\iexplore.exe
rundll32.exe 3136 Normal C:\Windows\System32\rundll32.exe
SearchProtocolHost.exe 5080 Idle C:\Windows\system32\SearchProtocolHost.exe
cmd.exe 5952 Normal C:\Windows\system32\cmd.exe
SearchFilterHost.exe 2880 Idle C:\Windows\system32\SearchFilterHost.exe
processes.exe 1676 Normal C:\Users\Hunter\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'explorer.exe'(4196)
MODULE BASE SIZE PATH
explorer.exe 490000 2936832 C:\Windows\explorer.exe 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77480000 1208320 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 76160000 901120 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
ADVAPI32.dll 76430000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Advanced Windows 32 Base API
RPCRT4.dll 76640000 798720 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 76240000 307200 C:\Windows\system32\GDI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) GDI Client DLL
USER32.dll 75f70000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 75e30000 696320 C:\Windows\system32\msvcrt.dll 7.0.6002.18005 (lh_sp2rtm.090410-1830) Windows NT CRT DLL
SHLWAPI.dll 76100000 364544 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 76970000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 76290000 1331200 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 77650000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6002.18005 6.0.6002.18005
SHDOCVW.dll 70dd0000 1081344 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74af0000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 74d40000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 73370000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 742a0000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll 5.2.6002.18005 (lh_sp2rtm.090410-1830) Microsoft GDI+
slc.dll 75310000 237568 C:\Windows\system32\slc.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Software Licensing Client Dll
PROPSYS.dll 73fa0000 765952 C:\Windows\system32\PROPSYS.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Property System
BROWSEUI.dll 70c80000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 775c0000 122880 C:\Windows\system32\IMM32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 768a0000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74ac0000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 75e20000 36864 C:\Windows\system32\LPK.DLL 6.0.6002.18051 (vistasp2_gdr.090615-0258) Language Pack
USP10.dll 75da0000 512000 C:\Windows\system32\USP10.dll 1.0626.6002.18005 (lh_sp2rtm.090410-1830) Uniscribe Unicode script processor
comctl32.dll 747f0000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
WindowsCodecs.dll 73800000 999424 C:\Windows\system32\WindowsCodecs.dll 7.0.6002.18107 (vistasp2_gdr_win7ip_dgt(wmbla).090924-1550) Microsoft Windows Codecs Library
apphelp.dll 75960000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
CLBCatQ.DLL 75ee0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6931.18000 (longhorn_rtm.080118-1840) COM+ Configuration Catalog
EhStorShell.dll 73320000 126976 C:\Windows\system32\EhStorShell.dll 5.2.3790.1830 Windows Enhanced Storage Shell Extension
IconCodecService.dll 747b0000 24576 C:\Windows\system32\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205) Converts a PNG part of the icon to a legacy bmp icon
Secur32.dll 759c0000 81920 C:\Windows\system32\Secur32.dll 6.0.6002.18051 (vistasp2_gdr.090615-0258) Security Support Provider Interface
rsaenh.dll 74da0000 241664 C:\Windows\system32\rsaenh.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Enhanced Cryptographic Provider
timedate.cpl 72730000 729088 C:\Windows\system32\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-1840) Time Date Control Panel Applet
ATL.DLL 73e40000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
NETAPI32.dll 75750000 483328 C:\Windows\system32\NETAPI32.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Net Win32 API DLL
PSAPI.DLL 75b20000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
OLEACC.dll 74470000 249856 C:\Windows\system32\OLEACC.dll 7.0.6002.18155 (vistasp2_gdr_win7ip_uia(wmbla).091008-1406) Active Accessibility Core Component
ACTXPRXY.DLL 745c0000 339968 C:\Windows\system32\ACTXPRXY.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) ActiveX Interface Marshaling Library
USERENV.dll 759e0000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
WINBRAND.dll 74ec0000 880640 C:\Windows\system32\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Branding Resources
SAMLIB.dll 75840000 69632 C:\Windows\System32\SAMLIB.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) SAM Library DLL
msshsq.dll 740c0000 245760 C:\Windows\System32\msshsq.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Structured Query
NaturalLanguage6.dll 71f30000 815104 C:\Windows\System32\NaturalLanguage6.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Natural Language Development Platform 6
CRYPT32.dll 75350000 991232 C:\Windows\System32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 754e0000 73728 C:\Windows\System32\MSASN1.dll 6.0.6002.18106 (vistasp2_gdr.090903-2340) ASN.1 Runtime APIs
authui.dll 70a90000 1998848 C:\Windows\system32\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Authentication UI
MSIMG32.dll 74de0000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
LINKINFO.dll 747c0000 36864 C:\Windows\system32\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Volume Tracking
SETUPAPI.dll 76710000 1613824 C:\Windows\system32\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Setup API
WINTRUST.dll 74bb0000 184320 C:\Windows\system32\WINTRUST.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Trust Verification APIs
imagehlp.dll 77620000 167936 C:\Windows\system32\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT Image Helper
WININET.dll 76010000 942080 C:\Windows\system32\WININET.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Internet Extensions for Win32
Normaliz.dll 775e0000 12288 C:\Windows\system32\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unicode Normalization DLL
urlmon.dll 76500000 1253376 C:\Windows\system32\urlmon.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) OLE32 Extensions for Win32
iertutil.dll 75b30000 1998848 C:\Windows\system32\iertutil.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Run time utility for Internet Explorer
ieframe.dll 713f0000 11087872 C:\Windows\system32\ieframe.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Internet Explorer
gameux.dll 708e0000 1712128 C:\Windows\System32\gameux.dll 6.0.6000.16386 (vista_rtm.061101-2205) Games Explorer
VERSION.dll 750f0000 32768 C:\Windows\System32\VERSION.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Version Checking and File Installation Libraries
WINHTTP.dll 712b0000 393216 C:\Windows\System32\WINHTTP.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows HTTP Services
msxml6.dll 730d0000 1421312 C:\Windows\System32\msxml6.dll 6.20.5002.0 MSXML 6.0 SP2
Wpc.dll 726e0000 311296 C:\Windows\System32\Wpc.dll 1.0.0.1 WPC Settings Library
WTSAPI32.dll 74cb0000 40960 C:\Windows\System32\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Terminal Server SDK APIs
fwpuclnt.dll 71e90000 614400 C:\Windows\System32\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) FWP/IPsec User-Mode API
wevtapi.dll 752d0000 262144 C:\Windows\System32\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eventing Consumption and Configuration API
WS2_32.dll 775f0000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 775b0000 24576 C:\Windows\system32\NSI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NSI User-mode interface DLL
msiltcfg.dll 747a0000 28672 C:\Windows\system32\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205) Windows Installer Configuration API Stub
msi.dll 6f3b0000 2256896 C:\Windows\system32\msi.dll 4.5.6002.18005 Windows Installer
NTMARTA.DLL 75990000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 763e0000 299008 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
ntshrui.dll 74070000 303104 C:\Windows\system32\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell extensions for sharing
cscapi.dll 74560000 45056 C:\Windows\system32\cscapi.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Offline Files Win32 API
NetworkExplorer.dll 6a2c0000 2240512 C:\Windows\system32\NetworkExplorer.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Explorer
ExplorerFrame.dll 74790000 36864 C:\Windows\system32\ExplorerFrame.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) ExplorerFrame
MLANG.dll 6fe80000 196608 C:\Windows\system32\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi Language Support DLL
stobject.dll 720d0000 598016 C:\Windows\system32\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205) Systray shell service object
BatMeter.dll 721d0000 745472 C:\Windows\system32\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Battery Meter Helper DLL
WINSTA.dll 75490000 151552 C:\Windows\system32\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Winstation Library
es.dll 73720000 286720 C:\Windows\system32\es.dll 2001.12.6932.18005 (lh_sp2rtm.090410-1830) COM+
SndVolSSO.dll 71280000 196608 C:\Windows\System32\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) SCA Volume
MMDevApi.dll 74be0000 163840 C:\Windows\System32\MMDevApi.dll 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
AUDIOSES.DLL 73f70000 135168 C:\Windows\system32\AUDIOSES.DLL 6.0.6002.18005 (lh_sp2rtm.090410-1830) Audio Session
audioeng.dll 73f00000 417792 C:\Windows\system32\audioeng.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Audio Engine
AVRT.dll 74ab0000 28672 C:\Windows\system32\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multimedia Realtime Runtime
ehSSO.dll 71240000 135168 C:\Windows\ehome\ehSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Media Center Shell Service Object
HID.DLL 73d80000 36864 C:\Windows\system32\HID.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Hid User Library
FirewallAPI.dll 74cd0000 417792 C:\Windows\system32\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Firewall API
netshell.dll 6f6c0000 3190784 C:\Windows\System32\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Shell
IPHLPAPI.DLL 752b0000 102400 C:\Windows\System32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 75270000 217088 C:\Windows\System32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 756e0000 180224 C:\Windows\System32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 75710000 28672 C:\Windows\System32\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Store Information RPC interface
dhcpcsvc6.DLL 75240000 139264 C:\Windows\System32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
nlaapi.dll 74180000 61440 C:\Windows\System32\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Location Awareness 2
pnidui.dll 6fb20000 1830912 C:\Windows\system32\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network System Icon
QUtil.dll 74500000 94208 C:\Windows\system32\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Utilities
wlanutil.dll 73390000 24576 C:\Windows\system32\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 Utility DLL
npmproxy.dll 6c7f0000 32768 C:\Windows\System32\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network List Manager Proxy
fdproxy.dll 74740000 40960 C:\Windows\system32\fdproxy.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Function Discovery Proxy Dll
Wlanapi.dll 6a090000 73728 C:\Windows\system32\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 73400000 1556480 C:\Windows\system32\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) IEEE 802.1X supplicant library
eappprxy.dll 736b0000 57344 C:\Windows\system32\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 733d0000 147456 C:\Windows\system32\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eap Peer Config
bcrypt.dll 751a0000 282624 C:\Windows\system32\bcrypt.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Windows Cryptographic Primitives Library
AltTab.dll 74680000 53248 C:\Windows\System32\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Alt Tab
wpdshserviceobj.dll 71220000 102400 C:\Windows\system32\wpdshserviceobj.dll 6.0.6002.18112 (vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable Device Shell Service Object
PortableDeviceTypes.dll 70860000 176128 C:\Windows\system32\PortableDeviceTypes.dll 6.0.6002.18112 (vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 6c370000 352256 C:\Windows\system32\PortableDeviceApi.dll 6.0.6002.18112 (vistasp2_gdr_win7ip_wpd(wmbla).090930-1800) Windows Portable Device API Components
taskschd.dll 6ff90000 368640 C:\Windows\system32\taskschd.dll 6.0.6000.16386 (vista_rtm.061101-2205) Task Scheduler COM API
XmlLite.dll 74a60000 192512 C:\Windows\system32\XmlLite.dll 1.2.1009.0 Microsoft XmlLite Library
srchadmin.dll 70790000 315392 C:\Windows\System32\srchadmin.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Indexing Options
webcheck.dll 70750000 249856 C:\Windows\System32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
SyncCenter.dll 68260000 2211840 C:\Windows\System32\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sync Center
wscntfy.dll 707f0000 233472 C:\Windows\system32\wscntfy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Security Center Notification App
WSCAPI.dll 6eee0000 45056 C:\Windows\system32\WSCAPI.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Windows Security Center API
mssprxy.dll 6af20000 45056 C:\Windows\system32\mssprxy.dll 7.00.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Search Proxy
QAgent.dll 74520000 188416 C:\Windows\System32\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Agent Proxy
SXS.DLL 75900000 389120 C:\Windows\system32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
bthprops.cpl 701d0000 667648 C:\Windows\system32\bthprops.cpl 6.0.6002.18005 (lh_sp2rtm.090410-1830) Bluetooth Control Panel Applet
MPR.dll 75450000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
sysenv.dll 3b20000 303104 C:\Windows\system32\sysenv.dll 2, 5, 3021, 104 System share library
WINSPOOL.DRV 73a80000 270336 C:\Windows\system32\WINSPOOL.DRV 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Spooler Driver
comdlg32.dll 75d20000 471040 C:\Windows\system32\comdlg32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Common Dialogs DLL
WINMM.dll 744b0000 204800 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
wdmaud.drv 74110000 192512 C:\Windows\system32\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205) Winmm audio system driver
ksuser.dll 74190000 16384 C:\Windows\system32\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205) User CSA Library
msacm32.drv 749c0000 36864 C:\Windows\system32\msacm32.drv 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sound Mapper
MSACM32.dll 749a0000 81920 C:\Windows\system32\MSACM32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft ACM Audio Filter
midimap.dll 74990000 28672 C:\Windows\system32\midimap.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft MIDI Mapper
d3d9.dll 72cb0000 1810432 C:\Windows\system32\d3d9.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Microsoft Direct3D
d3d8thk.dll 73340000 24576 C:\Windows\system32\d3d8thk.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Direct3D OS Thunk Layer
PhotoBase.dll 74770000 49152 C:\Program Files\Windows Photo Gallery\PhotoBase.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Photo Base Library
mscms.dll 70590000 401408 C:\Windows\system32\mscms.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Color Matching System DLL
icm32.dll 6eef0000 229376 C:\Windows\system32\icm32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Color Management Module (CMM)
WMVCore.DLL 65fc0000 2404352 C:\Windows\System32\WMVCore.DLL 11.0.6002.18049 (vistasp2_gdr.090609-2338) Windows Media Playback/Authoring DLL
WMASF.DLL 6a1f0000 233472 C:\Windows\System32\WMASF.DLL 11.0.6001.7000 (longhorn_rtm.080118-1840) Windows Media ASF DLL
msdmo.dll 6ed00000 45056 C:\Windows\system32\msdmo.dll 6.6.6001.18000 (longhorn_rtm.080118-1840) DMO Runtime
MFPlat.DLL 737c0000 221184 C:\Windows\System32\MFPlat.DLL 11.0.6002.18005 (lh_sp2rtm.090410-1830) Media Foundation Platform DLL
SqmApi.dll 6ed10000 147456 C:\Program Files\Windows Portable Devices\SqmApi.dll 6.0.6000.16386 (vista_rtm.061101-2205) SQM Client
zipfldr.dll 70140000 356352 C:\Windows\system32\zipfldr.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Compressed (zipped) Folders
Cabinet.dll 74a90000 86016 C:\Windows\system32\Cabinet.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft® Cabinet File API
shacct.dll 69f40000 90112 C:\Windows\System32\shacct.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Shell Accounts Classes
NLSData0009.dll 653f0000 4886528 C:\Windows\System32\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 66c70000 2650112 C:\Windows\System32\NLSLexicons0009.dll 6.0.6002.18005 (lh_sp2rtm.090410-1830) Microsoft English Natural Language Server Data and Code
eDSshellExt.dll 10000000 339968 C:\Windows\system32\eDSshellExt.dll 2, 5, 0, 16 Shell Extension Module
mbamext.dll 2830000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
syncui.dll 727f0000 188416 C:\Windows\system32\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Briefcase
SYNCENG.dll 746a0000 90112 C:\Windows\system32\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Briefcase Engine
avgse.dll 6c330000 118784 C:\Program Files\AVG\AVG9\avgse.dll 9.0.0.663 AVG Shell Extension
MSVCP80.dll 6ee20000 552960 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCP80.dll 8.00.50727.4053 Microsoft® C++ Runtime Library
MSVCR80.dll 75860000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCR80.dll 8.00.50727.4053 Microsoft® C Runtime Library
MpOav.dll 6b180000 90112 C:\Program Files\Windows Defender\MpOav.dll 1.1.1600.0 IOfficeAntiVirus Module
tiptsf.dll 6f260000 393216 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 6.0.6000.16386 (vista_rtm.061101-2205) Tablet PC Input Panel Text Services Framework
eDStoolbar.dll 3490000 159744 C:\Windows\system32\eDStoolbar.dll 2, 5, 3022, 14 eDStoolbar Module
ATL80.DLL 6a020000 110592 C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL 8.00.50727.4053 ATL Module for Windows (Unicode)
AcroIEHelper.dll 32c0000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
ActiveToolBand.dll 38c0000 307200 C:\Windows\system32\ActiveToolBand.dll 3, 0, 0, 2 ActiveToolBand Module
thumbcache.dll 70520000 90112 C:\Windows\system32\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Thumbnail Cache
MSISIP.DLL 74780000 32768 C:\Windows\system32\MSISIP.DLL 4.5.6002.18005 (lh_sp2rtm.090410-1830) MSI Signature SIP Provider
wshext.dll 6f240000 90112 C:\Windows\system32\wshext.dll 5.7.0.6000 Microsoft (R) Shell Extension for Windows script Host



******************************************
EOF

njrh
Novice
Posts : 46
Joined : 2009-11-23
OS : XP
Points : 26343
Likes : 0

Re: computer a little slow and quirky

Post by njrh on 12th January 2010, 8:33 am

Am having trouble pasting into the VirusTotal box; the paste option doesn't appear, having copied OK.
Here is the ComboFix log.
Happy New Year, by the way; hope you weren't working too hard throughout the holidays!

ComboFix 10-01-11.03 - Hunter 12/01/2010 7:42.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.893.352 [GMT 0:00]
Running from: c:\users\Hunter\Desktop\Commy.exe
Command switches used :: c:\users\Hunter\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 07:52 . 2010-01-12 07:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-12 07:52 . 2010-01-12 07:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 16:49 . 2010-01-11 16:50 -------- d-----w- C:\Commy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 07:53 . 2007-12-16 09:42 -------- d-----w- c:\users\Hunter\AppData\Roaming\Skype
2010-01-12 05:54 . 2007-12-16 09:45 -------- d-----w- c:\users\Hunter\AppData\Roaming\skypePM
2010-01-11 16:42 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-28 10:25 . 2009-11-25 09:45 -------- d-----w- c:\programdata\avg9
2009-12-15 11:59 . 2007-09-07 16:41 103784 ----a-w- c:\users\Hunter\GoToAssistDownloadHelper.exe
2009-12-14 12:17 . 2009-08-13 10:02 -------- d-----w- c:\users\Hunter\AppData\Roaming\HpUpdate
2009-12-14 12:15 . 2007-09-28 15:41 -------- d-----w- c:\program files\HP
2009-12-10 21:15 . 2007-09-28 15:49 130579 ------w- c:\windows\hpoins18.dat
2009-12-09 03:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 03:09 . 2007-09-07 14:39 -------- d-----w- c:\programdata\Microsoft Help
2009-12-02 12:56 . 2009-12-02 12:57 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD583.tmp.exe
2009-12-02 10:00 . 2009-12-02 10:00 -------- d-----w- c:\program files\ESET
2009-11-27 09:18 . 2009-11-27 09:18 -------- d-----w- c:\program files\Trend Micro
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\users\Hunter\AppData\Roaming\Malwarebytes
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 11:04 . 2009-11-25 11:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-25 09:55 . 2008-12-15 14:02 -------- d-----w- c:\program files\AVG
2009-11-25 09:51 . 2009-11-25 09:49 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-11-25 09:49 . 2009-02-04 08:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-25 09:49 . 2008-12-15 14:04 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 09:49 . 2008-12-15 14:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 06:40 . 2009-12-08 23:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 23:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-08 23:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-08 23:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 03:21 . 2009-11-18 03:21 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 03:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 03:20 . 2009-11-18 03:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 12:31 . 2009-12-09 03:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 03:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-02 20:42 . 2009-10-03 01:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 03:01 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-23 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-28 2033432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
Logicool SetPoint.lnk - c:\program files\Logicool\SetPoint\SetPoint.exe [2009-10-31 809488]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-8-30 181592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,e8,f7,9e,37,43,ca,01

R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\System32\drivers\SI3112r.sys [29/08/2007 01:04 116264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [15/12/2008 14:04 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 08:15 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [25/11/2009 09:48 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/11/2009 09:47 285392]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [30/07/2008 15:58 21504]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [14/11/2006 12:39 31232]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [18/11/2008 16:34 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-12 07:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4960)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\program files\Logicool\SetPoint\lgscroll.dll
.
Completion time: 2010-01-12 07:58:18
ComboFix-quarantined-files.txt 2010-01-12 07:58
ComboFix2.txt 2010-01-11 17:16
ComboFix3.txt 2009-12-10 07:55
ComboFix4.txt 2009-12-09 08:18

Pre-Run: 4,673,736,704 bytes free
Post-Run: 4,654,841,856 bytes free

- - End Of File - - AB421DB49F71FA79D178185D13E2BCCB


Re: computer a little slow and quirky

Post by njrh on 12th January 2010, 8:42 am

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

File userinit.exe received on 2010.01.12 08:36:44 (UTC)

Result: 0/40 (0%)


Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3554 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2131 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -
Additional information
File size: 25088 bytes
MD5...: 0e135526e9785d085bcd9aede6fbcbf9
SHA1..: d15244d41efddbab08d53fe032aedff39091d3af
SHA256: 75eea7e5ae90d857b777361a0166f9a82e354f229fd5250af8738364e6fb45db
ssdeep: 384:19KvuowvkKP3vaAf7MQHZa34SACInaPGvF6xUqYzuSSqm6qFWd3ymWfG:XwIPPZAJxGt/q6sqw1n

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ae5
timedatestamp.....: 0x47918d87 (Sat Jan 19 05:41:27 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4a2d 0x4c00 6.04 a21b68c5650468c1bc36f74b6c0ca26b
.data 0x6000 0x498 0x600 0.71 1c4544d585aae74667954f292fb15884
.rsrc 0x7000 0x780 0x800 4.04 9110c031f7af84bd01ee2d772a5521bd
.reloc 0x8000 0x3d0 0x400 6.50 2e13e6c4860701e4a4d0db6e88af4c7c

( 9 imports )
> USER32.dll: GetSystemMetrics, SystemParametersInfoW, MessageBoxW, LoadStringW, LoadRemoteFonts, CreateWindowExW, ExitWindowsEx, GetKeyboardLayout, CharNextW, DefWindowProcW, RegisterClassExW, DestroyWindow
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyW, RegDeleteTreeW, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey
> CRYPT32.dll: CryptProtectData
> ntdll.dll: RtlInitUnicodeString, NtOpenKey, NtClose, DbgPrint
> NETAPI32.dll: NetApiBufferFree, DsGetDcNameW
> WLDAP32.dll: -, -, -, -, -, -
> USERENV.dll: -
> KERNEL32.dll: GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, InterlockedExchange, DelayLoadFailureHook, ExpandEnvironmentStringsA, LoadLibraryA, InterlockedCompareExchange, HeapSetInformation, GetCurrentThread, SetThreadPriority, CreateThread, SetCurrentDirectoryW, FormatMessageW, GetCurrentProcess, GetFileAttributesExW, GetSystemDirectoryW, SetLastError, ExpandEnvironmentStringsW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, SearchPathW, SetEnvironmentVariableW, GetLastError, CloseHandle, WaitForSingleObject, Sleep, OpenEventW, SetEvent, GetUserDefaultLangID
> msvcrt.dll: exit, _acmdln, _initterm, memmove, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _ismbblead, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _XcptFilter, _vsnwprintf, _exit, _cexit, __getmainargs, _wcsicmp, __set_app_type, memset, _amsg_exit

( 0 exports )

RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
pdfid.: -


Re: computer a little slow and quirky

Post by njrh on 12th January 2010, 8:53 am

Here is the second VirusTotal report.

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

File oleacc.dll received on 2010.01.12 08:44:43 (UTC)

Result: 0/41 (0%)


Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.12 -
AhnLab-V3 5.0.0.2 2010.01.12 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.12 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.12 -
CAT-QuickHeal 10.00 2010.01.12 -
ClamAV 0.94.1 2010.01.12 -
Comodo 3554 2010.01.12 -
DrWeb 5.0.1.12222 2010.01.12 -
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7232 2010.01.12 -
F-Prot 4.5.1.85 2010.01.12 -
F-Secure 9.0.15370.0 2010.01.12 -
Fortinet 4.0.14.0 2010.01.12 -
GData 19 2010.01.12 -
Ikarus T3.1.1.80.0 2010.01.12 -
Jiangmin 13.0.900 2010.01.12 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.12 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 -
McAfee-GW-Edition 6.8.5 2010.01.12 -
Microsoft 1.5302 2010.01.12 -
NOD32 4762 2010.01.11 -
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.12 -
Panda 10.0.2.2 2010.01.11 -
PCTools 7.0.3.5 2010.01.12 -
Prevx 3.0 2010.01.12 -
Rising 22.30.01.03 2010.01.12 -
Sophos 4.49.0 2010.01.12 -
Sunbelt 3.2.1858.2 2010.01.12 -
Symantec 20091.2.0.41 2010.01.12 -
TheHacker 6.5.0.3.147 2010.01.12 -
TrendMicro 9.120.0.1004 2010.01.12 -
VBA32 3.12.12.1 2010.01.12 -
ViRobot 2010.1.12.2131 2010.01.12 -
VirusBuster 5.0.21.0 2010.01.11 -
Additional information
File size: 234496 bytes
MD5...: 2ed5c3a4cbc59d19881164f697cf960d
SHA1..: 8c734273ff358780a47c933190aa8b11a415ff98
SHA256: 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6
ssdeep: 3072:kFc/VcmGdv/XSNunYEsAoSpP1MZPw6nFOxvjrntWNi8UTwo/INHZbmmz6Rcy:kF2ql/XPn3scpP1pLxLrntyi1d/gHZ4

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2550
timedatestamp.....: 0x46f7ce41 (Mon Sep 24 14:48:33 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x53600 0x53600 0.25 ee31768962dce28a13a8e22c5d36d537
.rdata 0x55000 0x364 0x400 4.65 ad321e5e0f4a01329c71108c888f93db
.data 0x56000 0xc3e90 0xc4000 7.27 625983a12d28ea80698a29030d46a389
.rsrc 0x11a000 0x48b8 0x4a00 3.84 1f0463887dcde9f7b42ecf5823d02152

( 1 imports )
> KERNEL32.dll: GetCurrentProcess, GetSystemDefaultLangID, GetVersion, GetCurrentThreadId, GetUserDefaultLCID, GetModuleHandleA, GetModuleHandleW, GetCommandLineW, GetCurrentThread, GetTickCount, GetCommandLineA, GetLastError, GetSystemDefaultLCID, GetUserDefaultLangID, VirtualAlloc, InterlockedIncrement, GetProcAddress, GetACP, FindNextFileA, SetEndOfFile, FormatMessageA, HeapDestroy, QueryPerformanceCounter, DeleteFileA, WaitForSingleObject, GetModuleFileNameW, UnmapViewOfFile, GetStdHandle, TerminateProcess, LocalFree

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Active Accessibility Core Component
original name: OLEACC.DLL
internal name: OLEACC
file version.: 7.0.6002.18155 (vistasp2_gdr_win7ip_uia(wmbla).091008-1406)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)


Re: computer a little slow and quirky

Post by njrh on 12th January 2010, 8:58 am

I tried to get the file c:\windows\bthservsdp.dat into VirusTotal but couldn't paste the file path. On browsing for the file it pasted OK, but it said I didn't have permission to open it.
So I haven't succeeded on that one.
Hope you now have all the info...

Thanks very much. Sorry for the delay in posting all these, but the holiday season and visitors took over!


Re: computer a little slow and quirky

Post by njrh on 18th January 2010, 9:19 am

Bump! Haven't heard since the 11th.
I would be so grateful if you could take a look at all the logs I posted.
Thanks.
