Old 10-30-2009, 11:40 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Computer is running slower than usual

Hi guys, my computer has been running slower than usual lately and I think I might have caught a virus somewhere. Thank you for your time.

Here is my DDS log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by WinXP at 9:16:46.10 on Fri 10/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.497 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Planex\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\WinXP\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\winxp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PlayNC Launcher]
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Dimondback] c:\program files\razer\diamondback\razerhid.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\planex~1.lnk - c:\program files\planex\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runreg~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Translate with ATLAS - c:\program files\atlas v14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files\atlas v14\AtlscriptEdit.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\PPLive.exe
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} - hxxp://app.gomtv.com/gomtv/gomtvx.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\winxp\applic~1\mozilla\firefox\profiles\zim2kwmf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\winxp\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\winxp\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\octoshape streaming services\winxp\octoprogram-l03-nms0806110_sua_900\npoctoshape.dll
FF - plugin: c:\program files\octoshape streaming services\winxp\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll
FF - plugin: c:\program files\octoshape streaming services\winxp\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-22 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-22 297752]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\planex\common\RalinkRegistryWriter.exe [2009-8-20 75040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-6 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2009-1-30 29184]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-5 36928]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2009-8-20 16512]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2006-1-13 13225]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2007-2-1 26368]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-1-30 27904]
S4 Trk64ervnnmp;Trk64ervnnmp; [x]

=============== Created Last 30 ================

2009-10-22 18:43:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-17 04:31:26 0 d-----w- c:\program files\HyCam2
2009-10-01 03:27:51 0 d-----w- c:\program files\Livestream Procaster

==================== Find3M ====================

2009-10-29 00:10:47 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-09-15 02:20:49 99420 ----a-w- c:\windows\War3Unin.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:55:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:58:28 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13:35 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 9:17:36.89 ===============
Attached Files
File Type: zip Attach.zip (6.6 KB, 5 views)
IamJoe is offline  
Old 11-01-2009, 09:44 AM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,359
OS: Win XP Pro SP3 / Win 7 Pro

Re: Computer is running slower than usual

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to xxxx.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished it will produce a log at C:\ComboFix.txt for you
  • Please include the log in your next reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline
Old 11-01-2009, 02:44 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Re: Computer is running slower than usual

Thank you for helping me, Iain. Btw, after running Combofix it made an Internet Explorer icon on my desktop and made my Firefox run in safe mode. Is this normal?

Here is my ComboFix Log:


ComboFix 09-10-30.01 - WinXP 11/01/2009 15:44.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.609 [GMT -5:00]
Running from: c:\documents and settings\WinXP\My Documents\Downloads\xxxx.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\WinXP\Local Settings\Tempals_inst.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 21:25 . 2005-01-17 05:43 88576 ----a-r- c:\windows\system32\drivers\nvatabus_2.sys
2009-10-22 19:10 . 2009-10-22 19:11 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Temp
2009-10-22 18:43 . 2009-10-22 18:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-17 04:31 . 2009-10-17 04:31 -------- d-----w- c:\program files\HyCam2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 02:04 . 2009-10-01 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-29 00:10 . 2009-08-05 04:41 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-10-27 02:13 . 2008-02-04 17:37 -------- d-----w- c:\documents and settings\WinXP\Application Data\mIRC
2009-10-27 02:03 . 2008-02-04 17:37 -------- d-----w- c:\program files\mIRC
2009-10-23 21:51 . 2009-06-15 19:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 21:51 . 2009-06-15 19:34 -------- d-----w- c:\program files\SpywareBlaster
2009-10-23 20:17 . 2008-10-22 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 15:37 . 2007-10-20 21:22 -------- d-----w- c:\program files\Steam
2009-10-01 03:37 . 2009-10-01 03:37 -------- d-----w- c:\program files\NOS
2009-10-01 03:27 . 2009-10-01 03:27 -------- d-----w- c:\program files\Livestream Procaster
2009-09-28 23:09 . 2009-09-28 23:06 -------- d-----w- c:\program files\PS3 Media Server
2009-09-27 05:28 . 2009-09-27 05:28 -------- d-----w- c:\documents and settings\WinXP\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-09-27 01:46 . 2009-02-06 02:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-27 01:37 . 2006-03-11 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-15 04:02 . 2008-08-24 03:14 -------- d-----w- c:\program files\Warcraft III
2009-09-15 02:20 . 2008-08-24 03:16 99420 ----a-w- c:\windows\War3Unin.dat
2009-09-14 23:45 . 2007-03-28 02:02 86472 ----a-w- c:\documents and settings\WinXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 23:45 . 2007-02-22 02:11 -------- d-----w- c:\program files\MSN Messenger
2009-09-14 23:43 . 2009-09-14 23:43 -------- d-----w- c:\program files\Microsoft
2009-09-14 23:43 . 2009-09-14 23:33 -------- d-----w- c:\program files\Windows Live
2009-09-14 23:43 . 2009-09-14 23:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-12 17:03 . 2009-09-12 17:03 -------- d-----w- c:\program files\Stardock
2009-09-12 17:03 . 2009-09-12 17:03 -------- d-----w- c:\program files\Common Files\Stardock
2009-09-11 14:33 . 2004-08-04 04:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:21 . 2007-02-21 18:30 -------- d-----w- c:\program files\Java
2009-09-11 05:07 . 2007-02-21 05:04 -------- d-----w- c:\documents and settings\WinXP\Application Data\Apple Computer
2009-09-11 05:05 . 2009-09-11 05:04 -------- d-----w- c:\program files\iTunes
2009-09-11 05:05 . 2009-09-11 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 05:05 . 2009-09-11 05:05 -------- d-----w- c:\program files\iPod
2009-09-11 05:04 . 2009-03-21 18:09 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 05:00 . 2008-07-25 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-10 18:54 . 2008-10-22 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-10-22 21:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 04:55 . 2009-09-08 04:55 -------- d-----w- c:\program files\DIFX
2009-09-04 21:43 . 2008-09-09 03:58 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-04 21:43 . 2008-09-09 03:58 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-04 20:45 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:16 . 2008-07-09 14:50 -------- d-----w- c:\program files\Diablo II
2009-08-29 07:36 . 2004-08-04 04:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 04:56 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-03-21 18:10 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-03-21 18:10 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:55 . 2008-10-22 23:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 12:55 . 2008-10-22 23:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 12:55 . 2008-10-22 23:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:16 . 2004-08-04 04:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 16:12 . 2009-08-21 16:12 256 ---ha-w- c:\windows\system32\LTAW14FN.BIN
2009-08-21 16:12 . 2009-08-21 16:12 256 ---ha-w- c:\windows\system32\FJLTAFOU.BIN
2009-08-21 01:38 . 2009-08-21 01:38 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-06 23:24 . 2006-03-11 10:42 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-03-11 10:42 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2006-03-11 10:42 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-03-11 10:42 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-03-11 10:42 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-09-15 05:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2009-09-15 05:41 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2006-03-11 10:42 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:58 . 2004-08-04 03:18 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-03 22:59 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]
"Google Update"="c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Dimondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-01-18 147456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-07 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Planex Wireless Utility.lnk - c:\program files\Planex\Common\RaUI.exe [2009-8-20 1667072]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-3-20 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\herophaze\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\WinXP\\OctoshapeClient.exe"=
"c:\\Documents and Settings\\WinXP\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\herophaze\\counter-strike\\hl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow1
"6112:TCP"= 6112:TCP:Warcraft
"24841:TCP"= 24841:TCP:BitComet 24841 TCP
"24841:UDP"= 24841:UDP:BitComet 24841 UDP
"8719:TCP"= 8719:TCP:BitComet 8719 TCP
"8719:UDP"= 8719:UDP:BitComet 8719 UDP
"6112:UDP"= 6112:UDP:Warcraft
"6119:TCP"= 6119:TCP:Warcraft Port 2
"6119:UDP"= 6119:UDP:Warcraft Port 2-2
"58853:TCP"= 58853:TCP:Pando Media Booster
"58853:UDP"= 58853:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/22/2008 6:25 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/22/2008 6:25 PM 297752]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Planex\Common\RalinkRegistryWriter.exe [8/20/2009 8:38 PM 75040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/6/2009 2:16 PM 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [1/30/2009 1:39 AM 29184]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 11:56 PM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/4/2009 11:41 PM 36928]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [8/20/2009 6:57 PM 16512]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [1/13/2006 10:36 AM 13225]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2/1/2007 6:01 PM 26368]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [1/30/2009 1:43 AM 27904]
S4 Trk64ervnnmp;Trk64ervnnmp; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-725345543-1003Core.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:54]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-725345543-1003UA.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Translate with ATLAS - c:\program files\ATLAS V14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files\ATLAS V14\AtlscriptEdit.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} - hxxp://app.gomtv.com/gomtv/gomtvx.cab
FF - ProfilePath - c:\documents and settings\WinXP\Application Data\Mozilla\Firefox\Profiles\zim2kwmf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\WinXP\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Octoshape Streaming Services\WinXP\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Ricotta_PrincessLover - c:\????????!\UnInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spgn.sys >>UNKNOWN [0x86F8B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86f6b1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

nvatabus.sys @ 0x0 0x0 bytes

\Driver\nvatabus [ IRP_MJ_CREATE ] 0x86C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_CREATE_NAMED_PIPE ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_CLOSE ] 0x86C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_READ ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_WRITE ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_QUERY_INFORMATION ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SET_INFORMATION ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_QUERY_EA ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SET_EA ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_FLUSH_BUFFERS ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_QUERY_VOLUME_INFORMATION ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SET_VOLUME_INFORMATION ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_DIRECTORY_CONTROL ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_FILE_SYSTEM_CONTROL ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_DEVICE_CONTROL ] 0x886 != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xD2E != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SHUTDOWN ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_LOCK_CONTROL ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_CLEANUP ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_CREATE_MAILSLOT ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_QUERY_SECURITY ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SET_SECURITY ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_POWER ] 0xCCE != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SYSTEM_CONTROL ] 0xA5A != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_DEVICE_CHANGE ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_QUERY_QUOTA ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus [ IRP_MJ_SET_QUOTA ] 0x84C != 0xF72CACD0 nvatabus.sys
\Driver\nvatabus IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-01 16:29
ComboFix-quarantined-files.txt 2009-11-01 21:29
ComboFix2.txt 2008-10-22 14:34

Pre-Run: 3,446,038,528 bytes free
Post-Run: 3,653,873,664 bytes free

- - End Of File - - 26BE59E421050AFEDFCA5FA1126B5FEC

Last edited by IamJoe; 11-01-2009 at 02:46 PM.
IamJoe is offline  
Old 11-02-2009, 03:27 PM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,359
OS: Win XP Pro SP3 / Win 7 Pro

Re: Computer is running slower then usual

Hi again

Probably something caused by your AV interfering.


Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.

Avast users note:

Please do continue with the online scan at Panda if you receive an alert. It is a false positive from Avast because Panda Antivirus does not encrypt its virus database.


Note that Panda may take several hours to scan your system.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 11-02-2009, 07:42 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Re: Computer is running slower then usual

Thanks again for helping me. I attached my activescan like you asked. I also want to know if the virus could have spread itself into my external HD.
Attached Files
File Type: txt ActiveScan.txt (2.6 KB, 2 views)
IamJoe is offline  
Old 11-03-2009, 01:09 PM   #6 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,359
OS: Win XP Pro SP3 / Win 7 Pro

Re: Computer is running slower then usual

Impossible to say for sure - you should get your AV to scan your external drive.

Please run combofix again - and this time ensure that your AV is completely disabled.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 11-03-2009, 06:36 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Re: Computer is running slower then usual

Here is my New Combofix with my AV off this time :)


ComboFix 09-11-03.01 - WinXP 11/03/2009 19:55.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.503 [GMT -5:00]
Running from: c:\documents and settings\WinXP\Desktop\xxxx.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-03 00:20 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-03 00:19 . 2009-11-03 00:19 -------- d-----w- c:\program files\Panda Security
2009-11-01 21:25 . 2005-01-17 05:43 88576 ----a-r- c:\windows\system32\drivers\nvatabus_2.sys
2009-10-22 19:10 . 2009-10-22 19:11 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Temp
2009-10-22 18:43 . 2009-10-22 18:43 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-17 04:31 . 2009-10-17 04:31 -------- d-----w- c:\program files\HyCam2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 00:59 . 2009-08-05 04:41 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-10-29 02:04 . 2009-10-01 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-27 02:13 . 2008-02-04 17:37 -------- d-----w- c:\documents and settings\WinXP\Application Data\mIRC
2009-10-27 02:03 . 2008-02-04 17:37 -------- d-----w- c:\program files\mIRC
2009-10-23 21:51 . 2009-06-15 19:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-23 21:51 . 2009-06-15 19:34 -------- d-----w- c:\program files\SpywareBlaster
2009-10-23 20:17 . 2008-10-22 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 15:37 . 2007-10-20 21:22 -------- d-----w- c:\program files\Steam
2009-10-01 03:37 . 2009-10-01 03:37 -------- d-----w- c:\program files\NOS
2009-10-01 03:27 . 2009-10-01 03:27 -------- d-----w- c:\program files\Livestream Procaster
2009-09-28 23:09 . 2009-09-28 23:06 -------- d-----w- c:\program files\PS3 Media Server
2009-09-27 05:28 . 2009-09-27 05:28 -------- d-----w- c:\documents and settings\WinXP\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-09-27 01:46 . 2009-02-06 02:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-27 01:37 . 2006-03-11 11:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-15 04:02 . 2008-08-24 03:14 -------- d-----w- c:\program files\Warcraft III
2009-09-15 02:20 . 2008-08-24 03:16 99420 ----a-w- c:\windows\War3Unin.dat
2009-09-14 23:45 . 2007-03-28 02:02 86472 ----a-w- c:\documents and settings\WinXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 23:45 . 2007-02-22 02:11 -------- d-----w- c:\program files\MSN Messenger
2009-09-14 23:43 . 2009-09-14 23:43 -------- d-----w- c:\program files\Microsoft
2009-09-14 23:43 . 2009-09-14 23:33 -------- d-----w- c:\program files\Windows Live
2009-09-14 23:43 . 2009-09-14 23:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-12 17:03 . 2009-09-12 17:03 -------- d-----w- c:\program files\Stardock
2009-09-12 17:03 . 2009-09-12 17:03 -------- d-----w- c:\program files\Common Files\Stardock
2009-09-11 14:33 . 2004-08-04 04:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:21 . 2007-02-21 18:30 -------- d-----w- c:\program files\Java
2009-09-11 05:07 . 2007-02-21 05:04 -------- d-----w- c:\documents and settings\WinXP\Application Data\Apple Computer
2009-09-11 05:05 . 2009-09-11 05:04 -------- d-----w- c:\program files\iTunes
2009-09-11 05:05 . 2009-09-11 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 05:05 . 2009-09-11 05:05 -------- d-----w- c:\program files\iPod
2009-09-11 05:04 . 2009-03-21 18:09 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 05:00 . 2008-07-25 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-10 18:54 . 2008-10-22 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-10-22 21:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 04:55 . 2009-09-08 04:55 -------- d-----w- c:\program files\DIFX
2009-09-04 20:45 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 04:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 04:56 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-03-21 18:10 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-03-21 18:10 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:55 . 2008-10-22 23:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 12:55 . 2008-10-22 23:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 12:55 . 2008-10-22 23:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:16 . 2004-08-04 04:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 16:12 . 2009-08-21 16:12 256 ---ha-w- c:\windows\system32\LTAW14FN.BIN
2009-08-21 16:12 . 2009-08-21 16:12 256 ---ha-w- c:\windows\system32\FJLTAFOU.BIN
2009-08-21 01:38 . 2009-08-21 01:38 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-06 23:24 . 2006-03-11 10:42 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-03-11 10:42 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2006-03-11 10:42 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-03-11 10:42 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-03-11 10:42 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-09-15 05:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2009-09-15 05:41 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2006-03-11 10:42 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-01_21.25.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2009-11-01 20:22 60624 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-11-02 00:45 60624 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-11-02 00:45 400464 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-11-01 20:22 400464 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]
"Google Update"="c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Dimondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-01-18 147456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-07 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Planex Wireless Utility.lnk - c:\program files\Planex\Common\RaUI.exe [2009-8-20 1667072]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-3-20 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 12:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\herophaze\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\WinXP\\OctoshapeClient.exe"=
"c:\\Documents and Settings\\WinXP\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Steam\\SteamApps\\herophaze\\counter-strike\\hl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:wow1
"6112:TCP"= 6112:TCP:Warcraft
"24841:TCP"= 24841:TCP:BitComet 24841 TCP
"24841:UDP"= 24841:UDP:BitComet 24841 UDP
"8719:TCP"= 8719:TCP:BitComet 8719 TCP
"8719:UDP"= 8719:UDP:BitComet 8719 UDP
"6112:UDP"= 6112:UDP:Warcraft
"6119:TCP"= 6119:TCP:Warcraft Port 2
"6119:UDP"= 6119:UDP:Warcraft Port 2-2
"58853:TCP"= 58853:TCP:Pando Media Booster
"58853:UDP"= 58853:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/2/2009 7:20 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/22/2008 6:25 PM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/22/2008 6:25 PM 297752]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Planex\Common\RalinkRegistryWriter.exe [8/20/2009 8:38 PM 75040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/6/2009 2:16 PM 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [1/30/2009 1:39 AM 29184]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/3/2004 11:56 PM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/4/2009 11:41 PM 36928]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [8/20/2009 6:57 PM 16512]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [1/13/2006 10:36 AM 13225]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2/1/2007 6:01 PM 26368]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [1/30/2009 1:43 AM 27904]
S4 Trk64ervnnmp;Trk64ervnnmp; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-725345543-1003Core.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:54]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-688789844-725345543-1003UA.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Translate with ATLAS - c:\program files\ATLAS V14\Atlscript.html
IE: ATLAS Translation &Editor - c:\program files\ATLAS V14\AtlscriptEdit.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} - hxxp://app.gomtv.com/gomtv/gomtvx.cab
FF - ProfilePath - c:\documents and settings\WinXP\Application Data\Mozilla\Firefox\Profiles\zim2kwmf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - plugin: c:\documents and settings\WinXP\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Octoshape Streaming Services\WinXP\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 20:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spqt.sys >>UNKNOWN [0x86F8B938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86fd71f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-11-04 20:23
ComboFix-quarantined-files.txt 2009-11-04 01:23
ComboFix2.txt 2009-11-01 21:41
ComboFix3.txt 2008-10-22 14:34

Pre-Run: 1,790,062,592 bytes free
Post-Run: 1,751,035,904 bytes free
IamJoe is offline  
Old 11-04-2009, 02:58 PM   #8 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,359
OS: Win XP Pro SP3 / Win 7 Pro

Re: Computer is running slower then usual

Looks much better - how is your system running now?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 11-04-2009, 03:23 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Re: Computer is running slower then usual

It's running better now, but is my system clean?

Thanks for the help again :)
IamJoe is offline  
Old 11-05-2009, 01:55 PM   #10 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,359
OS: Win XP Pro SP3 / Win 7 Pro

Re: Computer is running slower then usual

Hi again

All your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /Uninstall



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.


Ad-aware 2008 Free Edition

Download and install Ad-Aware 2008 Free Edition. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari



Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 11-05-2009, 06:04 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 19
OS: Windows XP


Re: Computer is running slower then usual

Thanks again for your Help Iain. Everything looks good :)

Have a nice day.
IamJoe is offline  
All times are GMT -7. The time now is 04:19 AM.



Copyright 2001 - 2009, Tech Support Forum