Tech Support Forum: HijackThis Log Help
Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

#1 (permalink)
Registered User
Join Date: Apr 2008
Posts: 1
OS: XP SP2
General Slowdown. Odd behaviour and Unusual "War" with threats
Alright, my PC is suffering a slowdown in all aspects, notably explorer browsers. Scans of several softwares (including the ones in the 5 steps of this forum's sticky) show infections from Tracking Cookies. A Trojan.Agent.js has been quarantined by AVG AS. Despite that, there is still system lag. My only assumption is carelessness on my part on a drive-by surf.

Other info:

Commit Charge approx. 530/4700. I have 3 gigs of RAM, but why I'm getting a higher denominator is beyond me, especially with the 4GB XP RAM limitation. To be honest, I'm not hardware oriented. At all. For all I know this may not even be related to RAM, but I did install more and this dramatic increase of more than double my input was just unusual to me. CPU less than 5%, but sure not acting like it.

I recently reinstalled Windows after a nightmarish encounter I had with what I would assume is Win32.Small (caught in Spybot). Unsure if some freaky snippet kept it alive.

RAID 1 setup, 250GB. I frequently find viruses that are always cured in System Volume Information on all drives. They appear most frequently in E:\ and F:\, which are Seagate FreeAgent external HDs, 500GB and 300GB respectively. C:\ is not spared. These viruses were discovered over time, and were from different families as I remember. All were purged; unsure if false positives were possible. AVG AV, Panda and BitDefender caught them at one time or another.

Firefox crashed during a Panda scan about half an hour ago when it was about finished. 5 infections, no vulnerabilities. No names b/c of crash. Running scan again.

I've had a generally secure setup, but I also am flawed in allowing guests to use my computer on request. I love this beautiful piece of machinery; I can't stand the idea of reinstalling a couple of days after doing so already. Activity on my PC is like a war zone. While I purge several infections frequently, they seem to return even when an internet browser is not active. It's time I got a more professional opinion. I want to note that my performance is good in "pockets". In fact, right now it seems better. However, I have experienced enough to live with "Better safe than sorry". I would like any information I can get on what can be a disturbance.
I'm sorry for some vagueness; I wish I could be more specific. Extra .txt attached.

Deckard's System Scanner v20071014.68
Run by Zyro Lasting on 2008-04-17 02:07:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
62: 2008-04-17 06:07:48 UTC - RP62 - Deckard's System Scanner Restore Point
61: 2008-04-17 05:47:23 UTC - RP61 - Software Distribution Service 3.0
60: 2008-04-17 05:45:34 UTC - RP60 - Software Distribution Service 3.0
59: 2008-04-17 04:25:05 UTC - RP59 - Installed Ad-Aware 2007
58: 2008-04-17 03:52:05 UTC - RP58 - Installed Windows XP KB921503.

-- First Restore Point --
1: 2008-04-14 02:29:13 UTC - RP1 - Installed Windows Media Player 10

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Zyro Lasting.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:59 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\Zyro Lasting\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Zyro Lasting.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AlienFX Controller] "C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 8501 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 PStrip - c:\windows\system32\drivers\pstrip.sys <Not Verified; EnTech Taiwan; PowerStrip>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-17 01:46:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-17 00:25:07 0 d-------- C:\Program Files\Lavasoft
2008-04-17 00:25:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 00:24:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 00:19:49 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Comodo
2008-04-17 00:19:48 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-04-17 00:19:47 0 d-------- C:\Program Files\COMODO
2008-04-17 00:01:25 0 d-------- C:\Program Files\SpywareBlaster
2008-04-17 00:00:19 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Grisoft
2008-04-16 23:41:52 0 d-------- C:\ie-spyad_zo
2008-04-16 23:36:17 0 d-------- C:\WINDOWS\LastGood
2008-04-16 23:35:33 0 d-------- C:\Program Files\Panda Security
2008-04-16 14:37:05 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-16 13:51:05 0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-16 04:33:10 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-16 04:33:10 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-16 04:31:20 0 d-------- C:\Program Files\Microsoft.NET
2008-04-16 04:31:20 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-16 04:31:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 04:31:10 0 d-------- C:\Program Files\Microsoft SDKs
2008-04-16 04:30:42 0 d-------- C:\Program Files\MSBuild
2008-04-16 04:30:40 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-16 04:30:37 0 d-------- C:\Program Files\Reference Assemblies
2008-04-15 21:05:23 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-15 20:11:13 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\OpenOffice.org2
2008-04-15 18:21:50 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-15 18:21:05 0 d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2008-04-15 18:21:01 0 d--h----- C:\CanonMP
2008-04-15 15:40:38 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-04-15 15:40:37 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-04-15 15:40:37 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-15 15:40:32 0 d-------- C:\Program Files\Linksys
2008-04-15 15:23:06 2415 --a------ C:\WINDOWS\mozver.dat
2008-04-14 23:28:37 0 d-------- C:\Program Files\Alienware
2008-04-14 23:19:18 0 d-------- C:\Program Files\PowerStrip
2008-04-14 22:20:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-14 20:30:49 0 d-------- C:\Program Files\Seagate
2008-04-14 20:30:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-04-14 20:30:27 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-14 20:30:26 0 d-------- C:\Program Files\MSXML 6.0
2008-04-14 20:26:40 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Logitech
2008-04-14 20:26:33 0 d-------- C:\Program Files\Common Files\LogiShared
2008-04-14 20:26:33 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Leadertech
2008-04-14 20:24:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-14 20:24:47 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-14 20:24:47 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-14 20:24:47 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-14 20:24:47 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-04-14 20:24:37 0 d-------- C:\Program Files\Logitech
2008-04-14 20:24:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-14 20:24:36 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-14 20:24:31 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\InstallShield
2008-04-14 20:22:09 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-14 20:19:06 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-14 17:18:44 0 d-------- C:\Temp
2008-04-14 17:18:41 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Syntrillium
2008-04-14 17:16:49 0 d-------- C:\Program Files\coolpro2
2008-04-14 17:04:31 0 d-------- C:\WINDOWS\Sun
2008-04-14 16:04:05 0 d-------- C:\Program Files\MSXML 4.0
2008-04-14 16:03:12 0 d-------- C:\Program Files\Microsoft Games
2008-04-14 02:02:10 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Lost Marble
2008-04-14 02:01:46 0 d-------- C:\Program Files\uTorrent
2008-04-14 02:01:42 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\uTorrent
2008-04-14 02:01:14 0 d-------- C:\Program Files\e frontier
2008-04-14 01:09:04 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Macromedia
2008-04-14 01:07:54 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-14 01:07:38 0 d-------- C:\Program Files\Java
2008-04-14 01:07:37 0 d-------- C:\Program Files\Common Files\Java
2008-04-14 01:07:32 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Sun
2008-04-14 01:02:25 0 d-------- C:\Program Files\Game_Maker7
2008-04-14 00:53:48 0 d-------- C:\Program Files\CD Programs
2008-04-14 00:51:24 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 00:51:21 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-04-14 00:49:00 0 d-------- C:\Program Files\Security
2008-04-14 00:40:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 00:40:04 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Mozilla
2008-04-14 00:05:17 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-14 00:04:43 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Ahead
2008-04-14 00:02:33 0 d-------- C:\Program Files\Nero
2008-04-14 00:02:33 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-14 00:02:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-13 23:58:17 0 d-------- C:\Program Files\Winamp
2008-04-13 23:58:17 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Winamp
2008-04-13 23:36:42 0 dr-h----- C:\Documents and Settings\Zyro Lasting\Recent
2008-04-13 23 38 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-13 23:05:25 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\AVG7
2008-04-13 23:05:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-13 23:05:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-13 23:05:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-13 23:03:10 0 d-------- C:\WINDOWS\network diagnostic
2008-04-13 22:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-13 22:56:14 0 d-------- C:\Program Files\Bonjour
2008-04-13 22:55:59 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Adobe
2008-04-13 22:54:01 0 d-------- C:\Program Files\Trend Micro
2008-04-13 22:50:10 0 d--hs---- C:\Documents and Settings\Zyro Lasting\UserData
2008-04-13 22:49:21 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-13 22:48:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 22:46:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 22:43:16 0 d-------- C:\WINDOWS\system32\Lang
2008-04-13 22:41:22 0 d-------- C:\Program Files\PowerISO
2008-04-13 22:38:53 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\WinRAR
2008-04-13 22:37:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-13 22:37:21 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-13 22:37:06 0 d-------- C:\Program Files\Realtek
2008-04-13 22:37:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 22:37:03 499712 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-13 22:36:48 0 d-------- C:\WINDOWS\nview
2008-04-13 22:36:05 0 d-------- C:\NVIDIA
2008-04-13 22:35:42 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-13 22:34:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-13 22:33:12 0 d-------- C:\Documents and Settings\Zyro Lasting\Application Data\Identities
2008-04-13 22:29:34 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-13 22:29:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-13 22:29:13 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-13 22:29:07 0 d--h----- C:\Documents and Settings\Zyro Lasting\Templates
2008-04-13 22:29:07 0 dr------- C:\Documents and Settings\Zyro Lasting\Start Menu
2008-04-13 22:29:07 0 dr-h----- C:\Documents and Settings\Zyro Lasting\SendTo
2008-04-13 22:29:07 0 d--h----- C:\Documents and Settings\Zyro Lasting\PrintHood
2008-04-13 22:29:07 8388608 --ah----- C:\Documents and Settings\Zyro Lasting\NTUSER.DAT
2008-04-13 22:29:07 0 d--h----- C:\Documents and Settings\Zyro Lasting\NetHood
2008-04-13 22:29:07 0 dr------- C:\Documents and Settings\Zyro Lasting\My Documents
2008-04-13 22:29:07 0 d--h----- C:\Documents and Settings\Zyro Lasting\Local Settings
2008-04-13 22:29:07 0 dr------- C:\Documents and Settings\Zyro Lasting\Favorites
2008-04-13 22:29:07 0 d-------- C:\Documents and Settings\Zyro Lasting\Desktop
2008-04-13 22:29:07 0 d--hs---- C:\Documents and Settings\Zyro Lasting\Cookies
2008-04-13 22:29:07 0 dr-h----- C:\Documents and Settings\Zyro Lasting\Application Data
2008-04-13 22:28:12 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-13 22:28:00 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-13 22:28:00 0 d-------- C:\WINDOWS\Prefetch
2008-04-13 22:27:59 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-13 22:27:59 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-13 22:27:59 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-13 22:27:59 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-13 22:27:59 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-13 22:27:29 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-13 22:27:29 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-13 22:27:29 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-13 22:27:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-13 22:27:29 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-13 22:25:18 0 d-------- C:\WINDOWS\system32\xircom
2008-04-13 22:25:18 0 d-------- C:\Program Files\microsoft frontpage
2008-04-13 22:25:10 0 -rahs---- C:\MSDOS.SYS
2008-04-13 22:25:10 0 -rahs---- C:\IO.SYS
2008-04-13 22:25:10 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-13 22:25:10 0 --a------ C:\CONFIG.SYS
2008-04-13 22:25:10 0 --a------ C:\AUTOEXEC.BAT
2008-04-13 22:24:24 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-13 22:24:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-13 22:24:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-13 22:24:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-13 22:24:00 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-13 22:23:34 0 d---s---- C:\WINDOWS\Tasks
2008-04-13 22:23:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-13 22:23:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-13 22:23:30 0 d-------- C:\WINDOWS\srchasst
2008-04-13 22:23:24 0 d-------- C:\Program Files\Movie Maker
2008-04-13 22:23:18 0 d-------- C:\WINDOWS\system32\Restore
2008-04-13 22:22:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-13 22:22:53 0 d-------- C:\WINDOWS\Registration
2008-04-13 22:22:51 0 d-------- C:\Program Files\Online Services
2008-04-13 22:22:49 0 d-------- C:\Program Files\Messenger
2008-04-13 22:22:46 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-13 22:22:15 0 d-------- C:\Program Files\Windows NT
2008-04-13 22:22:13 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-13 22:22:12 0 d-------- C:\WINDOWS\system32\Com
2008-04-13 15:19:15 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-13 15:16:24 0 d--hs---- C:\WINDOWS\Installer
2008-04-13 15:16:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-13 15:16:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-13 15:16:21 0 dr------- C:\Program Files
2008-04-13 15:16:21 0 d-------- C:\Program Files\Common Files
2008-04-13 15:16:06 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-13 15:16:06 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-13 15:16:06 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-13 15:16:06 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-13 15:16:06 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-13 15:16:06 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-13 15:16:06 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-13 15:16:06 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-13 15:16:06 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-13 15:16:06 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-13 15:16:06 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-13 15:16:06 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-13 15:16:06 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-13 15:16:06 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-13 15:16:06 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-13 15:16:06 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-13 15:15:58 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-13 15:15:58 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-13 15:15:53 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-13 15:15:53 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-13 15:15:52 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-13 15:15:52 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-13 15:15:34 0 d-------- C:\Documents and Settings
2008-04-13 15:15:33 0 d--hs---- C:\System Volume Information
2008-04-13 15:13:56 0 d-------- C:\ALIENWARE
2008-04-13 15:09:37 0 d-------- C:\WINDOWS
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\WinSxS
2008-04-13 15:09:37 0 dr------- C:\WINDOWS\Web
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\twain_32
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\wins
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\wbem
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\usmt
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\spool
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\Setup
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\ras
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\oobe
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\npp
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\mui
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\IME
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\ias
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\export
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\drivers
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-13 15:09:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\config
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\3076
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\2052
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1054
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1042
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1041
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1037
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1033
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1031
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1028
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system32\1025
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\system
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\security
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Resources
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\repair
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Provisioning
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\PeerNet
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\pchealth
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\mui
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\msapps
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\msagent
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Media
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\java
2008-04-13 15:09:37 0 d--h----- C:\WINDOWS\inf
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\ime
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Help
2008-04-13 15:09:37 0 dr--s---- C:\WINDOWS\Fonts
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\ehome
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Driver Cache
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Debug
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Cursors
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\Config
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\AppPatch
2008-04-13 15:09:37 0 d-------- C:\WINDOWS\addins

-- Find3M Report ---------------------------------------------------------------

2008-04-13 15:16:06 62 --ahs---- C:\Documents and Settings\Zyro Lasting\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [09/21/2006 06:40 PM]
"SkyTel"="SkyTel.EXE" [05/16/2006 07:04 PM C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 04:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 04:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 04:41 AM]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2006 05:58 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 04:32 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 02:35 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 06:40 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 01:10 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [10/09/2007 04:21 PM]
"AlienFX Controller"="C:\Program Files\Alienware\Alienware AlienFX\AlienwareAlienFXController.exe" [01/29/2007 11:58 AM]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [04/13/2006 02:21 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 07:25 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [04/17/2008 12:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/31/2005 11:57 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 10:04 PM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [04/14/2008 02:01 AM]

C:\Documents and Settings\Zyro Lasting\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 6:41:28 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/14/2008 8:24:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - GTNDIS5
*Newly Created Service* - RKPAVPROC

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8392 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-04-17 02:09:48 ------------

I will offer any other info I can.
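A log like the one above is read item by item, and two kinds of entry deserve a look before anything else: O4 autorun values that name a bare file with no directory (SkyTel.EXE, nwiz.exe /install, RUNDLL32.EXE ...), where the HijackThis line alone does not say which file on disk actually runs (the DSS registry dump later in the post resolves SkyTel to C:\WINDOWS\SkyTel.exe and nwiz to C:\WINDOWS\system32\nwiz.exe), and the O20 AppInit_DLLs entry, because a DLL listed there is loaded into every process that uses user32.dll and so should be matched to a known installed product. The script below is an added example for this thread, not code from the post, from HijackThis or from Deckard's System Scanner: it parses HijackThis item lines and applies those two checks. The sample lines are copied from the log in the post; the triage rules themselves are this example's assumptions about what to look at first.

```python
"""Pull the first-look items out of a HijackThis log.

Added example for this thread; it is not code from the forum, from
HijackThis or from Deckard's System Scanner. The sample lines are copied
from the log quoted in the post; the two triage rules (autorun values
that name a bare file with no directory, and any AppInit_DLLs entry) are
this example's own assumptions about what to check first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the R0/O2/O4/O20/O23 lines from the post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

# "O4 - <rest>": a section code, " - ", then the section-specific body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    name: str = ""     # O4 only: the registry value name in [brackets]
    command: str = ""  # O4 only: the command line after the brackets


def parse_hjt(text):
    """Return one Entry per HijackThis item line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, 'Running processes:' list, blank line
        e = Entry(m["section"], m["body"])
        if e.section == "O4":
            m4 = O4_RE.match(e.body)
            if m4:  # Startup-folder O4 lines use "x.lnk = path" and stay unparsed
                e.name, e.command = m4["name"], m4["cmd"]
        entries.append(e)
    return entries


def image_path(command):
    """The program an autorun command starts: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_bare_filename(path):
    """True when no directory is given, so the loader's search order decides what runs."""
    return "\\" not in path and ":" not in path


def section_counts(text):
    """How many items the log has per HijackThis section code."""
    return dict(Counter(e.section for e in parse_hjt(text)))


def triage(text):
    """Return (bare-path O4 autoruns as (name, image, command), O20 AppInit_DLLs bodies)."""
    bare, appinit = [], []
    for e in parse_hjt(text):
        if e.section == "O4" and e.command:
            image = image_path(e.command)
            if is_bare_filename(image):
                bare.append((e.name, image, e.command))
        elif e.section == "O20":
            appinit.append(e.body)
    return bare, appinit


if __name__ == "__main__":
    bare, appinit = triage(SAMPLE_LOG)
    print("entries per section:", section_counts(SAMPLE_LOG))
    for name, image, cmd in bare:
        print(f"O4 [{name}] starts {image!r} with no directory: {cmd}")
    for body in appinit:
        print("O20", body)
```

Run against the full log in the post, the bare-path rule also picks up RTHDCPL.EXE, ALCMTR.EXE and KHALMNPR.EXE, each of which the DSS registry dump resolves to a file directly under C:\WINDOWS; that dump is the place to confirm what a bare name really points at before deciding whether the entry is expected.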