slow computer...!!!

  1. #1
    and12345 is offline Junior Member

    slow computer...!!!

    Please help me with my computer...... it's getting frustrating
    this is my hijack logfile.... please help me....
    my computer has been acting strange lately..
    sometimes it takes so long just to boot or even shut down... could it be because of viruses or what???



    Logfile of HijackThis v1.99.1
    Scan saved at 17:06:49, on 11/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\PROGRA~1\NETSUP~1\client32.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\TopDesk\topdesk.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    c:\program files\panda software\panda internet security 2007\WebProxy.exe
    C:\Program Files\PixelView\PV Center\GDI RecordingMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\Upgrader.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    G:\andreas\Master Program\maintenance\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O4 - Global Startup: PV Center Recording Manager.lnk = C:\Program Files\PixelView\PV Center\GDI RecordingMonitor.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C380463D-4131-4699-BC6F-E8F9A8A4FEB3}: NameServer = 203.130.206.250,202.134.1.10
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    my hardware spec is:
    Proc : Pentium D 2,8 Ghz smithfield ( 14x200 )
    Motherboard : PCCHIPS P23G
    RAM : 1 Gb
    VGA : ATI RADEON 7000 series

    any tweaking advice?


  2. #2
    VopThis is offline Senior Member (Canada)
    You appear to be running two (2) Firewalls at the same time (Panda and Zonealarm). If so, one of them has to go (because of expected conflicts and system performance issues) - likely 'ZONEALARM' since Panda is a suite of tools.
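
Added example (not part of the original thread and not code from HijackThis): a small Python triage of the entry lines in a HijackThis 1.99.1 log like the one in post #1. It lists entries marked `(no file)` or `(file missing)`, services with `Unknown owner`, and services belonging to more than one security vendor, which is the overlap this reply points out. The function names and the `SECURITY_VENDORS` list are assumptions made for the example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entry lines taken from the log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption for this example: owner strings treated as security suites,
# taken from the services visible in this particular log.
SECURITY_VENDORS = ("Panda Software", "Zone Labs")


def parse_entries(text):
    """Return (section_code, body) for every R*/O* entry line; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries the log itself marks as pointing at a file that is not there."""
    return [(code, body) for code, body in entries if body.endswith(ORPHAN_MARKERS)]


def services(entries):
    """Split O23 lines into (display name, owner, image path)."""
    out = []
    for code, body in entries:
        if code == "O23" and body.startswith("Service: "):
            # Split from the right: the display name may contain dashes.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                out.append(tuple(parts))
    return out


def unknown_owner_services(entries):
    """Service names whose owner column reads 'Unknown owner'."""
    return [name for name, owner, _ in services(entries) if owner == "Unknown owner"]


def security_overlap(entries):
    """Map each listed security vendor to its services found in the log."""
    by_vendor = defaultdict(list)
    for name, owner, _ in services(entries):
        for vendor in SECURITY_VENDORS:
            if vendor.lower() in owner.lower():
                by_vendor[vendor].append(name)
    return dict(by_vendor)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print("orphaned entries:", orphaned(entries))
    print("unknown-owner services:", unknown_owner_services(entries))
    overlap = security_overlap(entries)
    if len(overlap) > 1:
        print("more than one security vendor has services installed:", overlap)
```
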

  3. #3
    and12345 is offline Junior Member
    hm.... thank you very much for your quick reply^^
    but when installing Panda Internet Security I chose the custom install and I didn't install the firewall protection because I suggest ZoneAlarm is better...

    and I have already deactivated my ZoneAlarm antivirus

  4. #4
    VopThis is offline Senior Member (Canada)
    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. (NOTE: This is a different tool from the AVG Antivirus Tool.)
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
      • Click on Scanner on the toolbar at top of this screen.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Close AVG Anti-Spyware without running yet.
    Now disable (turn off AVG Anti-Spyware)
    • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should now fit the screen a lot better.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.


    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button.(3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop. I will need you to post this in your next reply.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.





    Let us see/review what is loaded on your PC:
    • Run HijackThis and Click Open the Misc Tools section button.
    • Then click the Open Uninstall Manager… button.
    • Click the Save list… button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply, please.

  5. #5
    and12345 is offline Junior Member
    Sorry, but when I scanned my computer I unintentionally deleted all of the viruses that were found, and there were 2 trojans found.. one is trojan aon.

    this is my hijack logfile

    µTorrent
    ACDSee 9 Photo Manager
    Adobe Common File Installer
    Adobe Flash Player 9 Plugin
    Adobe Photoshop CS2
    Adobe Shockwave Player
    Alkitab Elektronik
    Alt-Tab Task Switcher Powertoy for Windows XP
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATITool Overclocking Utility
    AutoShutdown
    AVG Anti-Spyware 7.5
    CachemanXP 1.51
    Calculator Powertoy for Windows XP
    Canon iP1700
    Canon PhotoRecord
    Canon ScanGear Starter
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PrintToolBox
    Canopus Codec Option
    Canopus ProCoder Express for EDIUS
    CCleaner (remove only)
    ClearType Tuning Control Panel Applet
    CmdHere Powertoy For Windows XP
    CopyProfile
    CorelDRAW Graphics Suite X3
    DISCcapture
    Easy-WebPrint
    EDIUS
    EDIUS Core
    EDIUS(SetupManager)
    EN
    Flash Saver
    FontNav
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    GTK+ Runtime 2.10.11 rev b (remove only)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 1.99.1
    Hotfix for MSXML 2 (KB887606)
    Hotfix for Windows Media Format SDK (KB900399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB921108)
    Hotfix for Windows Media Format SDK (KB922042)
    Hotfix for Windows Media Format SDK (KB922814)
    Hotfix for Windows Media Format SDK 9.5 (KB905592)
    Hotfix for Windows XP (KB319740)
    Hotfix for Windows XP (KB889527)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB897338)
    Hotfix for Windows XP (KB898900)
    Hotfix for Windows XP (KB903234)
    Hotfix for Windows XP (KB904412)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB907865)
    Hotfix for Windows XP (KB912461)
    Hotfix for Windows XP (KB912817)
    Hotfix for Windows XP (KB913538)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB918005)
    Hotfix for Windows XP (KB918093)
    Hotfix for Windows XP (KB918766)
    Hotfix for Windows XP (KB924941)
    Hotfix for Windows XP (KB927544)
    HTML Slideshow Powertoy for Windows XP
    HX-E1
    ieSpell 2.2.0 (build 647)
    Image Resizer Powertoy for Windows XP
    InterVideo FilterSDK
    J2SE Runtime Environment 5.0 Update 9
    jetAudio Plus VX
    K-Lite Codec Pack 3.2.5 Full
    LingvoSoft Dictionary 2006 (English<->Japanese Kanji Romaji) for Windows
    Magic ISO Maker v5.4 (build 0239)
    Magnifier Powertoy for Windows XP
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Bootvis
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Windows Journal Viewer
    Mozilla Firefox (2.0.0.1)
    MPEGcapture
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB927977)
    Nero 7 Ultra Edition
    NetSupport Manager
    On-line Help Console
    Opera 9.21
    Panda Internet Security 2007
    PeerGuardian 2.0
    Pidgin 2.0.1 (remove only)
    PowerISO
    PV Center
    Quick Titler
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Safari
    ScanSoft PDF Converter 3.0
    ScanSoft PDF Create 3.0
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Skype 3.0
    Skype Plugin Manager
    Slideshow Generator Powertoy for Windows XP
    Sony DVD Architect 2.0
    Timershot Powertoy for Windows XP
    TopDesk 1.4.2
    TuneXP 1.5
    TypingMaster Pro
    Update for Windows XP (KB896256)
    Update for Windows XP (KB897663)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB907265)
    Update for Windows XP (KB908521)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB916846)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Update Manager
    VBA
    VIA Platform Device Manager
    Virtual Desktop Manager Powertoy for Windows XP
    WindowBlinds
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB896097
    Windows Media Hotfix - KB895181
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB888656
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player Firefox Plugin
    Windows Resource Kit Tools
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB884883
    Windows XP Hotfix - KB885222
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB886716
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB894395
    Windows XP Hotfix - KB896626
    WinPcap 3.1
    WinRAR archiver
    WM Recorder 11.0
    Yahoo! Install Manager
    Yahoo! Messenger
    Your Uninstaller! 2006 Version 5
    YouTube Downloader 2.2
    ZoneAlarm Security Suite

  6. #6
    VopThis is offline Senior Member (Canada)
    2 trojan found.. one is trojan aon.
    Please specify the exact filename and PATH for any trojans found - some of the trojan names are often very obscure.



    Did you run the AVG AS scan that I requested in my last post? It is very strong against trojans.



    Also,
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

  7. #7
    and12345 is offline Junior Member
    Just now I rescanned my computer and found something else

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 14:02 2007-08-13

    + Scan result:



    :mozilla.174:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.52:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.53:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.61:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.54:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.58:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.59:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.60:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.28:C:\Documents and Settings\AthaNz\Application Data\Mozilla\Firefox\Profiles\uk10lb7o.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.


    ::Report end



    and this is my hijack logfile

    Logfile of HijackThis v1.99.1
    Scan saved at 16:54, on 2007-08-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\PROGRA~1\NETSUP~1\client32.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\TopDesk\topdesk.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\JAP\jap.exe
    C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    G:\andreas\Master Program\maintenance\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C380463D-4131-4699-BC6F-E8F9A8A4FEB3}: NameServer = 203.130.206.250,202.134.1.10
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  8. #8
    VopThis is offline Senior Member (Canada)
    Your last scan only found minor (but potentially invasive) cookie items.



    If you are still having problems, please run the Combofix scan I requested in post #6.

  9. #9
    and12345 is offline Junior Member
    Sorry for the slow reply... I'm having trouble with my JAP.
    This is my ComboFix log:

    ComboFix 07-08-09.3 - "AthaNz" 2007-08-14 9:47:26.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.559 [GMT 7:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000009_.tmp.dll
    C:\WINDOWS\system32\_000010_.tmp.dll
    C:\WINDOWS\system32\_000011_.tmp.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


    2007-08-14 09:25 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-08-14 09:22 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-08-13 08:20 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\system32\xircom
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\system32\1033
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\srchasst
    2007-08-12 18:32 <DIR> d-------- C:\WINDOWS\peernet
    2007-08-12 18:32 <DIR> d-------- C:\Program Files\movie maker
    2007-08-12 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    2007-08-11 21:02 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-08-11 19:22 <DIR> d-------- C:\Program Files\JAP
    2007-08-11 19:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
    2007-08-11 19:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-08-11 19:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
    2007-08-11 19:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-08-11 19:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
    2007-08-11 19:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-08-11 19:10 <DIR> d-------- C:\DOCUME~1\AthaNz\Pavark
    2007-08-11 18:00 <DIR> d-------- C:\DOCUME~1\AthaNz\APPLIC~1\Zeon
    2007-08-10 16:43 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-08-10 16:40 <DIR> d-------- C:\Program Files\MSBuild
    2007-08-10 16:40 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-08-10 16:39 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-08-10 16:32 <DIR> d-------- C:\Program Files\Ulead Systems
    2007-08-10 15:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-08-10 15:28 <DIR> dr-h----- C:\MSOCache
    2007-08-10 13:10 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
    2007-08-10 13:10 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-08-10 13:09 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
    2007-08-10 13:09 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-08-10 12:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-08-09 23:47 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
    2007-08-09 23:47 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-08-09 23:28 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-08-09 23:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-08-09 23:22 34,832 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-08-09 23:15 <DIR> d-------- C:\DOCUME~1\AthaNz\APPLIC~1\COWON
    2007-08-09 22:28 <DIR> d-------- C:\Program Files\PowerISO
    2007-08-09 22:27 <DIR> d-------- C:\Program Files\MagicISO
    2007-08-09 15:03 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-08-09 15:03 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-08-09 15:00 9,856 --a------ C:\WINDOWS\system32\drivers\pmc2ir.sys
    2007-08-09 15:00 164,992 --a------ C:\WINDOWS\system32\drivers\pmc2vid.sys
    2007-08-09 15:00 118,400 --a------ C:\WINDOWS\system32\drivers\pmc2tun.sys
    2007-08-09 15:00 10,112 --a------ C:\WINDOWS\system32\drivers\pmc2xbr.sys
    2007-08-09 15:00 10,112 --a------ C:\WINDOWS\system32\drivers\pmc2ava.sys
    2007-08-09 15:00 <DIR> d-------- C:\Program Files\PixelView
    2007-08-09 14:59 <DIR> d-------- C:\Program Files\InterVideo
    2007-08-09 14:59 <DIR> d-------- C:\Program Files\GDI
    2007-08-09 14:43 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
    2007-08-09 14:36 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
    2007-08-09 13:26 <DIR> d---s---- C:\DOCUME~1\AthaNz\UserData
    2007-08-09 13:03 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-08-09 13:03 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-08-09 12:59 <DIR> d-------- C:\Program Files\Common Files\CANON
    2007-08-09 12:58 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2007-08-09 12:56 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2007-08-09 12:52 <DIR> d-------- C:\Program Files\Canon
    2007-08-09 12:51 <DIR> d-------- C:\Program Files\VCD Cutter 4.04
    2007-08-09 12:35 <DIR> d-------- C:\DOCUME~1\AthaNz\APPLIC~1\Canopus
    2007-08-09 12:32 <DIR> d-------- C:\DOCUME~1\AthaNz\APPLIC~1\Google
    2007-08-09 12:31 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2007-08-09 12:31 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-08-09 12:31 <DIR> d-------- C:\Program Files\QuickTime
    2007-08-09 12:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2007-08-09 12:30 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
    2007-08-09 12:30 <DIR> d-------- C:\Program Files\directx
    2007-08-09 12:27 835,665 -ra------ C:\WINDOWS\system32\cseuvec.dll
    2007-08-09 12:27 69,632 -ra------ C:\WINDOWS\system32\cuvccodc.dll
    2007-08-09 12:27 69,632 -ra------ C:\WINDOWS\system32\cllccodc.dll
    2007-08-09 12:27 49,152 --a------ C:\WINDOWS\system32\cvpcdvc.dll
    2007-08-09 12:27 385,108 --a------ C:\WINDOWS\system32\csedv.dll
    2007-08-09 12:27 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
    2007-08-09 12:27 22,528 --a------ C:\WINDOWS\system32\csthread.dll
    2007-08-09 12:27 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
    2007-08-09 12:27 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
    2007-08-09 12:27 122,961 -ra------ C:\WINDOWS\system32\csellc.dll
    2007-08-09 12:09 73,728 -ra------ C:\WINDOWS\system32\pavedius.dll
    2007-08-09 12:09 458,752 -ra------ C:\WINDOWS\system32\pavapi.dll
    2007-08-09 12:09 4,096 -ra------ C:\WINDOWS\system32\paveno.dll
    2007-08-09 12:09 1,130,585 -ra------ C:\WINDOWS\system32\csedvh.dll
    2007-08-09 12:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    2007-08-09 12:06 26,569 --a------ C:\WINDOWS\system32\drivers\zskrnl.sys
    2007-08-09 12:06 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
    2007-08-09 12:06 <DIR> d-------- C:\Program Files\Canopus
    2007-08-09 11:58 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
    2007-08-09 11:58 <DIR> d-------- C:\Program Files\Malicious Software Removal Tool
    2007-08-09 11:56 <DIR> d-------- C:\Program Files\Google
    2007-08-09 11:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-09 11:55 59,264 -----c--- C:\WINDOWS\system32\dllcache\usbhub.sys
    2007-08-09 11:55 36,864 -----c--- C:\WINDOWS\system32\dllcache\hidclass.sys
    2007-08-09 11:55 2,182,144 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2007-08-09 11:55 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2007-08-09 11:55 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2007-08-09 11:53 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
    2007-08-09 11:52 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2007-08-09 11:52 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2007-08-09 11:52 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-14 09:55 --------- d-------- C:\DOCUME~1\AthaNz\APPLIC~1\uTorrent
    2007-08-14 09:52 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-08-14 09:51 46880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-08-14 09:51 3500064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-08-13 16:37 --------- d-------- C:\Program Files\Common Files\ODBC
    2007-08-13 10:00 --------- d-------- C:\Program Files\PeerGuardian2
    2007-08-12 18:32 --------- d-------- C:\Program Files\Windows NT
    2007-08-12 18:32 --------- d-------- C:\Program Files\msn gaming zone
    2007-08-12 18:01 --------- d-------- C:\Program Files\Messenger Plus! Live
    2007-08-11 23:16 --------- d-------- C:\Program Files\WMR11
    2007-08-11 23:16 --------- d-------- C:\Program Files\NetSupport Manager
    2007-08-11 23:14 --------- dr------- C:\Program Files\TypingMaster
    2007-08-11 23:14 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-11 20:29 --------- d-------- C:\Program Files\JetAudio
    2007-08-11 20:06 --------- d-------- C:\Program Files\TopDesk
    2007-08-11 20:05 --------- d-------- C:\Program Files\uTorrent
    2007-08-11 20:05 --------- d-------- C:\Program Files\Bonjour
    2007-08-10 15:18 --------- d-------- C:\Program Files\CachemanXP
    2007-08-09 14:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-09 14:42 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
    2007-08-09 14:42 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
    2007-08-09 14:42 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
    2007-08-09 14:42 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
    2007-08-09 14:42 52224 --a------ C:\WINDOWS\system32\dmutil.dll
    2007-08-09 14:42 47104 --a------ C:\WINDOWS\system32\cnbjmon.dll
    2007-08-09 14:42 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
    2007-08-09 14:42 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
    2007-08-09 14:42 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
    2007-08-09 14:42 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
    2007-08-09 14:42 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
    2007-08-09 14:42 35328 --a------ C:\WINDOWS\system32\pid.dll
    2007-08-09 14:42 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
    2007-08-09 14:42 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
    2007-08-09 14:42 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
    2007-08-09 14:42 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
    2007-08-09 14:42 20992 --a------ C:\WINDOWS\system32\hid.dll
    2007-08-09 14:42 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
    2007-08-09 14:42 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
    2007-08-09 14:42 15360 --a------ C:\WINDOWS\system32\pjlmon.dll
    2007-08-09 14:42 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
    2007-08-09 14:41 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
    2007-08-09 14:41 8192 --a------ C:\WINDOWS\system32\streamci.dll
    2007-08-09 14:41 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
    2007-08-09 14:41 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
    2007-08-09 14:41 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
    2007-08-09 14:41 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
    2007-08-09 14:41 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
    2007-08-09 14:41 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
    2007-08-09 14:41 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
    2007-08-09 14:41 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
    2007-08-09 14:41 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
    2007-08-09 14:41 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
    2007-08-09 14:41 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
    2007-08-09 14:41 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
    2007-08-09 14:41 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
    2007-08-09 14:41 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
    2007-08-09 14:41 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
    2007-08-09 14:41 3200 --a------ C:\WINDOWS\system32\wowfax.dll
    2007-08-09 14:41 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
    2007-08-09 14:41 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
    2007-08-09 14:41 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
    2007-08-09 14:41 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
    2007-08-09 14:41 13824 --a------ C:\WINDOWS\system32\wowfaxui.dll
    2007-08-09 14:41 12160 --a------ C:\WINDOWS\system32\drivers\fsvga.sys
    2007-08-09 14:41 102457 --a------ C:\WINDOWS\system32\usrv42a.dll
    2007-08-09 13:09 --------- d-------- C:\Program Files\ATITool
    2007-08-09 11:49 --------- d-------- C:\Program Files\Opera
    2007-08-09 10:52 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
    2007-08-09 09:12 --------- d-------- C:\Program Files\DAEMON Tools
    2007-08-08 21:19 502272 --a------ C:\WINDOWS\system32\winlogon.exe
    2007-08-08 21:02 245760 --a----t- C:\WINDOWS\system32\PAVSHOOK.DLL
    2007-08-08 21:02 141312 --a----t- C:\WINDOWS\system32\drivers\netflt.sys
    2007-06-26 22:13 851968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-26 13:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-21 21:54 75248 --a------ C:\WINDOWS\zllsputility.exe
    2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-06-19 20:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-13 18:26 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-13 18:26 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-03 14:31 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\divx.dll
    2007-05-17 18:28 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-05-17 18:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
    2007-05-16 22:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 22:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 22:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 22:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 22:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 22:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-15 15:43 1320800 --a------ C:\WINDOWS\system32\msxml6.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-24 21:10]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
    "PDF3 Registry Controller"="C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-21 02:49]
    "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-02 00:03]
    "APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-08-08 21:02]
    "SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
    "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
    "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-16 03:17]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-08-09 10:05:37]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoVisualStyleChoice"=0 (0x0)
    "NoColorChoice"=0 (0x0)
    "NoSizeChoice"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoRemoteRecursiveEvents"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)
    "ForceClassicControlPanel"=1 (0x1)
    "NoResolveTrack"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=1 (0x1)
    "NoResolveSearch"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    "NoRecentDocsHistory"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMMyPictures"=1 (0x1)
    "NoStartMenuPinnedList"=1 (0x1)
    "NoSMConfigurePrograms"=1 (0x1)
    "NoSMBalloonTip"=0 (0x0)
    "NoSaveSettings"=0 (0x0)
    "NoChangeKeyboardNavigationIndicators"=0 (0x0)
    "NoSharedDocuments"=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)
    "ForceClassicControlPanel"=1 (0x1)
    "NoResolveTrack"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=1 (0x1)
    "NoResolveSearch"=1 (0x1)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    "NoRecentDocsHistory"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMMyPictures"=1 (0x1)
    "NoStartMenuPinnedList"=1 (0x1)
    "NoSMConfigurePrograms"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    R0 netflt;Panda Net Driver.;C:\WINDOWS\system32\Drivers\netflt.sys
    R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
    R1 PCISys;PCISys;C:\WINDOWS\system32\drivers\PCISys.sys
    R1 PMC2AVA;PMC2AVA;C:\WINDOWS\system32\drivers\pmc2ava.sys
    R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
    R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
    R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
    R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
    R2 PMC23880;PMC23880;C:\WINDOWS\system32\drivers\pmc2vid.sys
    R2 PMC2IR;PMC2IR;C:\WINDOWS\system32\drivers\pmc2ir.sys
    R2 PMC2TUNE;PMC2TUNE;C:\WINDOWS\system32\drivers\pmc2tun.sys
    R2 PMC2XBAR;PMC2XBAR;C:\WINDOWS\system32\drivers\pmc2xbr.sys
    R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 gdihook5;gdihook5;C:\WINDOWS\system32\DRIVERS\gdihook5.sys
    R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
    R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
    S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
    S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys


    Contents of the 'Scheduled Tasks' folder
    2006-07-20 19:42:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-14 09:52:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-14 9:57:36 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-14 09:57

    --- E O F ---
