Computing.Net > Forums > Security and Virus > Computer really slow

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Computer really slow

Reply to Message Icon
Original Message
Name: BlackCat
Date: February 22, 2007 at 09:17:27 Pacific
Subject: Computer really slow
OS: XP
CPU/Ram: Pentium 4 / 960mb
Model/Manufacturer: Packard bell
Comment:

Hi guys - for the past couple of weeks my computer has been being really slow - could someone have a look to see if i'm clean? BlackCat



Report Offensive Message For Removal

Response Number 1
Name: jabuck
Date: February 22, 2007 at 14:05:07 Pacific
Subject: Computer really slow
Reply: (edit)

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


Report Offensive Follow Up For Removal

Response Number 2
Name: Dacompfixor1
Date: February 22, 2007 at 17:39:39 Pacific
Subject: Computer really slow
Reply: (edit)

Get and run of course make sure they are up to date too: Anti-virus, spyware checkers, and even trojans make it slow so also try a free trojan scanner. Remove any such it finds then if it is still slow defrag. The most common reasons for slowness.


Report Offensive Follow Up For Removal

Response Number 3
Name: coolman
Date: February 23, 2007 at 17:22:31 Pacific
Subject: Computer really slow
Reply: (edit)

The following is a link to my web site with good articles on virus:
http://www.ivirus.net/

any feedback highly appreciated.

thanks
coolman


Report Offensive Follow Up For Removal

Response Number 4
Name: vipergg
Date: February 23, 2007 at 17:41:33 Pacific
Subject: Computer really slow
Reply: (edit)

Go here and follow their instructions explicitly.
http://securitytango.com/


Report Offensive Follow Up For Removal

Response Number 5
Name: Jennifer SUMN
Date: February 24, 2007 at 09:39:18 Pacific
Subject: Computer really slow
Reply: (edit)

Have you run a defrag?

Life's more painless for the brainless.


Report Offensive Follow Up For Removal


Response Number 6
Name: BlackCat
Date: February 25, 2007 at 08:40:08 Pacific
Subject: Computer really slow
Reply: (edit)


Hi thanks for all help - jabuck here is the HijackThis file :

Logfile of HijackThis v1.99.1
Scan saved at 16:29:50, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Halifax Share Price Alert\halifaxspa.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-b...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Orbiscom - {D81AB57B-7327-4347-B7C7-9EF7CA87CE09} - C:\WINDOWS\system32\SlimBho2.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [bkdpibnire] c:\windows\system32\bkdpibnire.exe bkdpibnire
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Startup: Halifax Share Price Alert.lnk = C:\Program Files\Halifax Share Price Alert\halifaxspa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\AOL 9.0\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} (CPlayFirstC4CControl Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ba...
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://legacy.aolsvc.aol.com/online...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhe...
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/t...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.playfirst.com/play/game/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/ci...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bo...
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E867692C-01D4-4829-B152-D00C010FDB9A}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


Report Offensive Follow Up For Removal

Response Number 7
Name: BlackCat
Date: February 25, 2007 at 08:45:37 Pacific
Subject: Computer really slow
Reply: (edit)


And SmitFraudFix log :

SmitFraudFix v2.144

Scan done at 16:43:32.18, 25/02/2007
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Report Offensive Follow Up For Removal

Response Number 8
Name: BlackCat
Date: February 25, 2007 at 09:16:12 Pacific
Subject: Computer really slow
Reply: (edit)


Hi vipergg that is a great link you posted - will do proper steps when have time thankyou


Report Offensive Follow Up For Removal

Response Number 9
Name: jabuck
Date: February 25, 2007 at 09:19:17 Pacific
Subject: Computer really slow
Reply: (edit)

Go to this link, http://virusscan.jotti.org/ and use the "browse" button to locate this file c:\windows\system32\bkdpibnire.exe then double click the file to enter it into the "upload and scan box", click submit then post the results.



Report Offensive Follow Up For Removal

Response Number 10
Name: Steve_43232
Date: February 26, 2007 at 18:33:19 Pacific
Subject: Computer really slow
Reply: (edit)

Hi, I also found the following website quite useful; Hi, I also found the following website quite useful; computercleanup
Regards
Steve

Regards
Steve


Report Offensive Follow Up For Removal

Response Number 11
Name: BlackCat
Date: February 27, 2007 at 04:44:43 Pacific
Subject: Computer really slow
Reply: (edit)


Hi jabuck - the file was'nt there with .exe so could'nt scan it - there were 3 others though with .dat and i scanned them just to make sure - apparently they found nothing - i could post the results of them if you'd like?
BlackCat


Report Offensive Follow Up For Removal

Response Number 12
Name: jabuck
Date: February 27, 2007 at 17:59:00 Pacific
Subject: Computer really slow
Reply: (edit)

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Then look for c:\windows\system32\bkdpibnire.exe and check it at Jotti's.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:Vundofix.txt.

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


Report Offensive Follow Up For Removal

Response Number 13
Name: BlackCat
Date: February 28, 2007 at 01:56:25 Pacific
Subject: Computer really slow
Reply: (edit)

Hi Jabuck i followed instructions to uncheck the hidden files boxes etc..and found they were already unchecked but still searched for file and still could'nt find it - i ran Vundo and when it finished scanning it said there were no infected files - i clicked on remove vundo and it said it found no infected files so it will close - then disappeared.

Here is the ComboScan:

ComboScan v20070226.18 run by user on 2007-02-28 at 09:30:26
Computer is in Normal Mode.
----------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as -

Logfile of HijackThis v1.99.1
Scan saved at 09:31:54, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Halifax Share Price Alert\halifaxspa.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\user\My Documents\My Received Files\comboscan.exe
C:\DOCUME~1\user\MYDOCU~1\Unzipped\HIJACK~1\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-b...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-b...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Orbiscom - {D81AB57B-7327-4347-B7C7-9EF7CA87CE09} - C:\WINDOWS\system32\SlimBho2.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [bkdpibnire] c:\windows\system32\bkdpibnire.exe bkdpibnire
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Halifax Share Price Alert.lnk = C:\Program Files\Halifax Share Price Alert\halifaxspa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\AOL 9.0\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ba...
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://legacy.aolsvc.aol.com/online...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/ci...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\user\MYDOCU~1\Unzipped\HIJACK~1\---

backup-20061120-232455-161 O2 - BHO: (no name) - SlimBho2.dll' - (no file)
backup-20061120-232455-336 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061120-232455-527 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20061120-232455-775 O2 - BHO: (no name) - s - (no file)
backup-20061120-232455-941 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20061120-232455-943 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - (no file)

-- File Associat-------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0R agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
0R alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
0R amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2S Asapi - C:\WINDOWS\system32\drivers\asapi.sys
3R ASAPIW2k - C:\WINDOWS\system32\drivers\asapiW2k.sys
3S ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys
2R AvgTdi (AVG Network Redirector) - C:\WINDOWS\system32\drivers\avgtdi.sys
0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
1R Cdr4_xp - C:\WINDOWS\system32\drivers\cdr4_xp.sys
1R Cdralw2k - C:\WINDOWS\system32\drivers\cdralw2k.sys
1R cdudf_xp - C:\WINDOWS\system32\drivers\Cdudf_xp.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
1R DVDVRRdr_xp - C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
3R dvd_2K - C:\WINDOWS\system32\drivers\dvd_2k.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S Hl_mull - C:\WINDOWS\system32\drivers\hl_mull.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFBS2S2.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSFDPSP2.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R MarvinBus (Pinnacle Marvin Bus) - C:\WINDOWS\system32\drivers\MarvinBus.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mmc_2K - C:\WINDOWS\system32\drivers\mmc_2k.sys
3S MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.035\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.035\NAVEX15.SYS
3S NtMtlFax - C:\WINDOWS\system32\drivers\ntmtlfax.sys
1R PCLEPCI - C:\WINDOWS\system32\drivers\Pclepci.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
1R pwd_2k - C:\WINDOWS\system32\drivers\Pwd_2k.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S RecAgent - C:\WINDOWS\system32\drivers\RecAgent.sys
3S RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
0S SiSRaid - C:\WINDOWS\system32\drivers\SiSRaid.sys
3S Slntamr (SmartLink AMR_PCI Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
3S SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
1R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070222.002\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
0R uagp35 (Microsoft AGPv3.5 Filter) - C:\WINDOWS\system32\drivers\UAGP35.SYS
1R UDFReadr - C:\WINDOWS\system32\drivers\Udfreadr.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSFCXTS2.sys
3R WinDriver6 - C:\WINDOWS\system32\drivers\windrvr6.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2S Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
2R AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S comHost (COM Host) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
2R CyberLink Media Library Service - "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
2R KService - "C:\Program Files\Kontiki\KService.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
3R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
2R UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
3S usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"


-- Scheduled T---------

2007-02-28 09:20:03 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job<CHECKU~1.JOB>
2007-02-23 20:00:12 562 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - user.job<NORTON~1.JOB>


-- Files created between 2007-01-28 and 20----------

2007-02-28 09:14:27 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-28 09:13:49 92160 --a------ C:\VundoFix.exe
2007-02-25 16:43:13 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-25 16:43:13 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-25 16:43:13 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-23 15:35:05 0 d-------- C:\Program Files\Common Files\Oberon Media<OBERON~1>
2007-02-15 20:22:06 3006 --a------ C:\WINDOWS\wwwconfig.dat<WWWCON~1.DAT>
2007-02-15 20:17:47 0 d-------- C:\Program Files\Yahoo! Games<YAHOO!~1>
2007-02-15 13:50:23 0 d-------- C:\Documents and Settings\user\Saved Games<SAVEDG~1>
2007-02-15 13:34:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-14 16:45:42 0 d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2007-02-14 16:45:28 0 d-------- C:\Program Files\Lavasoft
2007-02-14 15:14:11 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-14 15:14:11 0 --a------ C:\WINDOWS\ORUN32.EXE
2007-02-14 15:14:01 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-02-14 15:05:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-14 15:05:09 0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-02-14 15:05:09 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-14 14:40:24 0 d-------- C:\Program Files\RegistryFix<REGIST~1>
2007-02-13 12:11:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games<FRIEND~1>
2007-02-12 19:01:40 0 d-------- C:\Program Files\Halifax Share Price Alert<HALIFA~1>
2007-02-12 12:04:12 0 d-------- C:\Documents and Settings\user\Application Data\Chicken Chase<CHICKE~1>
2007-02-12 12:03:12 0 d-------- C:\Program Files\BFG
2007-02-09 09:28:33 19392 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-08 13:36:34 0 d-------- C:\Documents and Settings\user\Application Data\AVG7
2007-02-08 13:35:52 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-02-08 13:35:52 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-08 13:35:51 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-08 13:35:50 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-08 13:35:48 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-08 13:35:43 0 d-------- C:\Program Files\Grisoft
2007-02-08 13:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-02-08 13:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-02-04 22:16:12 0 d-------- C:\Program Files\SpeedTouch<SPEEDT~1>
2007-02-03 17:44:04 0 d-------- C:\Program Files\Windows Live Favorites<WI48FA~1>
2007-02-03 17:43:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar<WINDOW~2>
2007-02-03 17:42:48 0 d-------- C:\Program Files\Windows Live Toolbar<WINDOW~3>
2007-02-03 17:41:46 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-03 11:42:24 0 d-------- C:\Documents and Settings\user\Contacts
2007-02-02 10:24:49 5606 --a------ C:\WINDOWS\system32\stci.dll
2007-02-02 10:24:49 5280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2007-02-02 10:24:49 70688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-02-02 10:24:49 3968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2007-02-02 10:24:48 53600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2007-02-02 10:24:47 0 d-------- C:\Program Files\Thomson
2007-01-29 22:08:53 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-01-29 22:08:53 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-29 22:08:52 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-01-29 22:08:52 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-01-29 22:08:52 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-01-29 22:08:52 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-29 22:08:51 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-01-29 22:08:51 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-01-29 22:06:30 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-01-29 08:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Re-----------

2007-02-28 08:58:33 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-25 16:43:39 2238 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-23 15:35:04 0 d-------- C:\Program Files\Oberon Media<OBERON~1>
2007-02-15 18:18:23 0 d-------- C:\Documents and Settings\user\Application Data\Smilebox
2007-02-14 16:38:55 0 d-------- C:\Program Files\Java
2007-02-13 12:11:26 0 d-------- C:\Documents and Settings\user\Application Data\PlayFirst<PLAYFI~1>
2007-02-13 12:11:00 0 d-------- C:\Program Files\PlayFirst<PLAYFI~1>
2007-02-08 14:46:15 0 d-------- C:\Documents and Settings\user\Application Data\Zylom
2007-02-08 14:16:05 0 d-------- C:\Documents and Settings\user\Application Data\AdobeUM
2007-02-08 13:35:32 0 d---s---- C:\Documents and Settings\user\Application Data\Microsoft<MICROS~1>
2007-02-04 22:16:11 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-02 20:08:38 0 d-------- C:\Program Files\CardPlayer Poker<CARDPL~1>
2007-02-02 12:17:58 0 d-------- C:\Program Files\Zylom Games<ZYLOMG~1>
2007-02-02 12:16:34 0 d-------- C:\Program Files\Ubisoft
2007-02-02 12:16:33 0 d-------- C:\Program Files\Starware322<STARWA~1>
2007-02-02 12:02:09 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-01-31 12:46:34 0 d-------- C:\Documents and Settings\user\Application Data\Identities<IDENTI~1>
2007-01-20 20:45:16 0 d-------- C:\Program Files\Full Tilt Poker<FULLTI~1>
2007-01-19 23:05:50 0 d-------- C:\Program Files\Kontiki
2007-01-19 23:05:47 0 d-------- C:\Program Files\Channel4
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-17 16:41:19 0 d-------- C:\Program Files\Belles Beauty Boutique<BELLES~1>
2007-01-16 14:26:06 0 d-------- C:\Documents and Settings\user\Application Data\Mind Control Software<MINDCO~1>
2007-01-15 16:12:01 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-03 15:21:34 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2006-12-22 11:43:39 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-19 21:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 18:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-02 23:21:11 4406 --a------ C:\WINDOWS\system32\bkdpibnire.dat<BKDPIB~1.DAT>
2006-11-29 17:44:43 247502 --a------ C:\WINDOWS\system32\bkdpibnire_nav.dat<BKDPIB~3.DAT>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"
"Magentic"="C:\\PROGRA~1\\Magentic\\bin\\Magentic.exe /c"
"kdx"="C:\\Program Files\\Kontiki\\KHost.exe -all"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PSDrvCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"bkdpibnire"="c:\\windows\\system32\\bkdpibnire.exe bkdpibnire"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"4oD"="\"C:\\Program Files\\Kontiki\\KHost.exe\" -all"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"Registrando Panda ActiveX"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\as.dll"
"Registrando Panda Almacen"="C:\\WINDOWS\\system32\\regsvr32.exe /s C:\\WINDOWS\\system32\\ActiveScan\\pavpz.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:00000001

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of ComboScan: finished at 2007-02-28 at 09:3-

And the Supplementary:


ComboScan v20070226.18 run by user on 2007-02-28 at 09:30:26
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 958.73 MiB / 463.81 MiB
Pagefile Memory (total/avail): 2310.68 MiB / 1894.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1984.46 MiB

C: is Fixed (NTFS) - 180.29 GiB total, 162 GiB free.
D: is CDROM (No Media)


-- Security Ce---------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: AVG 7.5.446 v7.5.446 (GRISOFT)
AV: Norton Internet Security v2007 (Symantec Corporation)


-- Environment Varia---

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=Dartmouth
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\Dartmouth
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\GTK\2.0\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=Dartmouth
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Prof-----------

user [I](admin)[/I]


-- Add/Remove Prog-----

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
--> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\Setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10DF0050-AFA0-444A-AA69-34EC34A3F509}\setup.exe" -l0x9
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Belles Beauty Boutique (remove only) --> "C:\Program Files\Belles Beauty Boutique\Uninstall.exe"
CardPlayer Poker --> C:\PROGRA~1\CARDPL~1\UNWISE.EXE C:\PROGRA~1\CARDPL~1\INSTALL.LOG
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
cis --> MsiExec.exe /X{DB67B4E0-810B-4F5C-B976-7D207AF4537F}
Clean 5 --> C:\PROGRA~1\Pinnacle\CLEAN5~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CLEAN5~1\INSTALL.LOG
Confidence Online(tm) for Web Applications --> C:\Documents and Settings\user\Application Data\WholeSecurity\CAT\WSUIEE.exe
Constantine(TM) --> C:\WINDOWS\unvise32.exe C:\Program Files\SCi Games\Constantine\uninstal.log
Cubasis VST 5 --> C:\PROGRA~1\Pinnacle\CUBASI~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CUBASI~1\INSTALL.LOG
Diner Dash 2 --> C:\Program Files\Diner Dash 2\uninstall.exe
Diner Dash Flo on the Go Free Trial --> "C:\Program Files\DinerDashFloontheGo_at\unins000.exe"
Dr SpeedTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}\Setup.exe" /l0009 -Control_Panel
Easy Guitar --> C:\PROGRA~1\Pinnacle\CUBASI~1\VSTPLU~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CUBASI~1\VSTPLU~1\INSTALL.LOG
Fairies (remove only) --> "C:\Program Files\Yahoo! Games\Fairies\Uninstall.exe"
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Desktop Search --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
GTK+ 2.8.7 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Halifax Share Price Alert (remove only) --> C:\Program Files\Halifax Share Price Alert\Uninstall.exe
HASP Device Driver --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\hdd32.log
HijackThis 1.99.1 --> C:\Documents and Settings\user\My Documents\Unzipped\hijackthis\HijackThis.exe /uninstall
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Label Editor --> "C:\Program Files\Steinberg\Label Editor\Uninstall.exe" "C:\Program Files\Steinberg\Label Editor\install.log"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Loco Christmas Edition (remove only) --> "C:\Program Files\Yahoo! Games\Loco Christmas Edition\Uninstall.exe"
Magentic --> C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Master Unit --> C:\PROGRA~1\STEINB~1\MASTER~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\MASTER~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Muon Tau MDrive --> C:\PROGRA~1\STEINB~1\VSTPLU~1\Muon\UNINST~1.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\Muon\INSTALL.LOG
Mystic Inn --> C:\PROGRA~1\PLAYFI~1\MYSTIC~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\MYSTIC~1\INSTALL.LOG
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Packard Bell InfoCentre --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}\setup.exe"
Packard Bell Toolbar 1.0 --> "C:\Program Files\Dynamic Toolbar\unins000.exe"
Pinnacle Hollywood FX --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
Quake 4(TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l2057
rayman2 --> C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall rayman2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Easy Media Creator 7 Basic DVD Edition --> MsiExec.exe /I{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Serious Sam: The First Encounter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815050E5-F545-11D4-9569-004095812ACC}\Setup.exe"
Sharpest_Pictures_Waterfalls Screen Saver --> C:\WINDOWS\system32\Sharpest_Pictures_Waterfalls.scr /u
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem3.inf
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
SpongeBob Diner Dash --> C:\PROGRA~1\PLAYFI~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\SPONGE~1\INSTALL.LOG
Starware322 4.4.1.0 --> C:\Program Files\Starware322\Starware322Uninstall.exe
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The GIMP 2.2.9 --> "C:\Program Files\GIMP-2.0\unins000.exe"
Tiks Texas Hold em --> "C:\Program Files\Oberon Media\Tiks Texas Hold em\Uninstall.exe" "C:\Program Files\Oberon Media\Tiks Texas Hold em\install.log"
Tranquil - Waterfalls Screen Saver --> C:\WINDOWS\Tranquil - Waterfalls.scr /u
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
WeatherBug Download Manager --> C:\PROGRA~1\AWS\WEATHE~1\Install\MiniBug.exe Remove
Wild West Wendy (remove only) --> "C:\Program Files\Yahoo! Games\Wild West Wendy\Uninstall.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- End of ComboScan: finished at 2007-02-28 at 09:3-


BlackCat


Report Offensive Follow Up For Removal

Response Number 14
Name: jabuck
Date: February 28, 2007 at 04:00:04 Pacific
Subject: Computer really slow
Reply: (edit)

Go to start> control panel> add/ remove programs and uninstall these programs.

Starware322 4.4.1.0

WeatherBug Download Manager

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti- Spyware

Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [bkdpibnire] c:\windows\system32\bkdpibnire.exe bkdpibnire

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...

Exit Hijack This but remain in safe mode.

Run Kill box from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\_MSRSTRT.EXE

c:\windows\system32\bkdpibnire.exe

C:\WINDOWS\system32\bkdpibnire.dat

C:\WINDOWS\system32\bkdpibnire_nav.dat

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

Navigate to and delete these folders if found:

C:\Documents and Settings\All Users\Application Data\Trymedia

C:\Program Files\Starware322

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).


Report Offensive Follow Up For Removal

Response Number 15
Name: BlackCat
Date: February 28, 2007 at 06:51:07 Pacific
Subject: Computer really slow
Reply: (edit)

Hi Jabuck - have done all - Killbox :Click OK at any PendingFileRenameOperations prompt - Did not get this message.

Do you want me to post the AVG scan report?


Report Offensive Follow Up For Removal

Response Number 16
Name: BlackCat
Date: February 28, 2007 at 09:09:10 Pacific
Subject: Computer really slow
Reply: (edit)

Hi Jabuck - have done all - Killbox :Click OK at any PendingFileRenameOperations prompt - Did not get this message.

Do you want me to post the AVG scan report?


Report Offensive Follow Up For Removal

Response Number 17
Name: jabuck
Date: February 28, 2007 at 15:01:51 Pacific
Subject: Computer really slow
Reply: (edit)

Please post the AVG report. Is the computer operating any faster.


Report Offensive Follow Up For Removal

Response Number 18
Name: BlackCat
Date: March 1, 2007 at 00:46:37 Pacific
Subject: Computer really slow
Reply: (edit)

Computer is running faster thanks - but one thing thats just started - everytime i turn computer on i get a box come up saying windows installer is trying to install photo gallery or something - then it says there is a problem and asks me to insert the disk - i have no idea what this is and have no disk??? Then when i press cancel it just goes ahead and tries installing whatever then errors again - i have to press cancel 3 times to get rid - do you have any ideas????
Also here is the AVG log:


AVG Anti-Spyware - Scan Report


+ Created at: 14:45:44 28/02/2007

+ Scan result:

HKU\S-1-5-21-3594978592-3234461705-3787174395-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
C:\Documents and Settings\user\DoctorWeb\Quarantine\MWSOEMON.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\user\DoctorWeb\Quarantine\A0104313.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\user\DoctorWeb\Quarantine\Delicious-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).


::Report end



Report Offensive Follow Up For Removal

Response Number 19
Name: BlackCat
Date: March 6, 2007 at 01:29:10 Pacific
Subject: Computer really slow
Reply: (edit)

Ok i guess you dont want to answer that question - but thankyou very much for your help with the rest - much appreciated.

BlackCat


Report Offensive Follow Up For Removal






Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Computer really slow

Comments:
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



To trick a Creative driver

How do you add voice to a microsoft

IBM Thinkpad R40 - Operating System

Possibly a New Video Card?

Virus alert!

All Posts Awaiting Replies