Vista, Slow.

M0LD0V4N

New Member
This is my friend's HijackThis log. His computer runs slow. Is it a virus or just a slow computer? If not infected, any tips to increase performance?

Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:58:27 PM, on 6/26/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Arkadiy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
Can you please download the new version of HijackThis? Follow these instructions.

Post a HijackThis Log

  • Download HijackThis from here
  • Open HijackThis
  • Click on "Do a system scan only"
  • Click on "Save log"
  • A Notepad window will open
  • Hit Ctrl + A
  • Copy + paste in a forum reply

Then we can go from there.

If after that you are still infected, please post a HijackThis log. To post a HijackThis log, please do the following:
Click Here to download HJTsetup.exe

* Save HJTsetup.exe to your desktop.
* Double click on the HJTsetup.exe icon on your desktop.
* By default it will install to C:\Program Files\Hijack This.
* Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
* Put a check by Create a desktop icon, then click Next again.
* Continue to follow the rest of the prompts from there.
* At the final dialogue box click Finish and it will launch HijackThis.
* Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
* Click Save to save the log file and then the log will open in Notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back and create a new thread and paste the log in your post, using HijackThis in your subject bar.
* DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

We will look at your log as soon as we see it, and give you further instructions on how to fix your computer. Most of the time it will involve downloading more programs that will either give us logs to locate the malware or delete it.

Once you have posted a HJT Thread DO NOT make any changes to your PC unless the advisor helping you has instructed you to do so!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:31 PM, on 6/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7002 bytes
 
hhhmmm.....

Let's run a ComboFix log and see what it does.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 08-06-20.4 - Arkadiy 2008-06-26 18:40:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.283 [GMT -7:00]
Running from: C:\Users\Arkadiy\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-26 17:27 . 2008-06-26 17:27 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Thinking Minds Budiling Bytes
2008-06-26 17:26 . 2008-06-26 17:26 <DIR> d-------- C:\Program Files\CubeDesktop
2008-06-26 15:58 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-06-26 15:11 . 2008-06-26 15:11 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\Users\All Users\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\ProgramData\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\Program Files\ESET
2008-06-25 16:34 . 2008-06-25 16:34 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Gamelab
2008-06-24 23:12 . 2008-06-24 23:16 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Vso
2008-06-24 23:12 . 2008-06-24 23:12 <DIR> d-------- C:\Program Files\VSO
2008-06-23 00:48 . 2008-06-23 00:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-23 00:48 . 2006-10-07 17:43 502,784 --a------ C:\Windows\x2.64.exe
2008-06-23 00:48 . 2008-02-07 16:15 408,576 --a------ C:\Windows\System32\Smab.dll
2008-06-23 00:48 . 2005-02-28 13:16 240,128 --a------ C:\Windows\System32\x.264.exe
2008-06-23 00:48 . 2006-04-12 09:47 217,073 --a------ C:\Windows\meta4.exe
2008-06-23 00:48 . 2004-01-25 00:00 70,656 --a------ C:\Windows\System32\i420vfw.dll
2008-06-23 00:48 . 2006-04-05 08:09 66,560 --a------ C:\Windows\MOTA113.exe
2008-06-23 00:48 . 2005-07-14 12:31 27,648 --a------ C:\Windows\System32\AVSredirect.dll
2008-06-23 00:46 . 2008-06-23 00:46 <DIR> d-------- C:\Program Files\eRightSoft
2008-06-21 12:23 . 2008-03-21 13:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-06-21 12:23 . 2008-03-31 14:25 682,496 --a------ C:\Windows\System32\divx.dll
2008-06-21 12:23 . 2008-03-21 13:28 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-06-21 08:09 . 2008-04-24 17:33 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-21 08:09 . 2008-04-22 21:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-21 08:09 . 2008-04-22 21:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-21 08:09 . 2008-04-22 21:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-21 08:09 . 2008-04-22 21:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-21 08:09 . 2008-04-22 21:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-21 08:09 . 2008-04-22 21:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-21 08:09 . 2008-04-22 21:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-21 08:09 . 2008-04-24 21:23 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-06-21 08:09 . 2008-04-24 21:22 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-06-21 08:08 . 2008-04-26 01:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-21 08:08 . 2008-05-09 18:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-21 08:08 . 2008-05-09 20:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-20 18:34 . 2007-04-09 09:27 802,816 --a------ C:\Windows\System32\drivers\tcpip.original
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\DivX
2008-06-20 17:39 . 2008-06-20 17:42 <DIR> d-------- C:\divx
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\Program Files\QT Lite
2008-06-20 17:37 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-06-20 17:37 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-06-20 17:32 . 2008-06-21 12:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-20 17:20 . 2008-06-20 17:20 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-20 16:39 . 2008-06-20 16:50 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-06-20 16:39 . 2004-05-26 21:37 719,872 --a------ C:\Windows\System32\devil.dll
2008-06-20 16:39 . 2003-03-19 11:03 544,768 --a------ C:\Windows\System32\msvcr71d.dll
2008-06-20 16:39 . 2007-05-17 17:30 318,976 --a------ C:\Windows\System32\avisynth.dll
2008-06-19 18:33 . 2008-06-19 18:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-19 18:07 . 2008-06-19 18:07 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Avant Profiles
2008-06-18 15:12 . 2008-06-18 15:11 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-06-18 15:12 . 2008-06-18 15:12 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-06-18 15:11 . 2008-06-18 15:11 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-06-18 14:19 . 2008-06-18 17:52 <DIR> d-------- C:\Program Files\WarRock
2008-06-16 15:06 . 2008-06-16 15:06 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-16 11:25 . 2008-06-16 11:25 57,344 --a------ C:\Users\Arkadiy\iSNIML.dll
2008-06-15 22:12 . 2008-06-16 00:00 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\MiniDm
2008-06-12 10:34 . 2008-06-12 10:34 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-06-10 16:31 . 2008-06-12 10:36 <DIR> d-------- C:\upload
2008-06-05 17:37 . 2008-06-05 17:37 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-01 21:56 . 2008-06-01 21:56 <DIR> d-------- C:\Program Files\PowerISO
2008-05-30 18:51 . 2008-05-30 18:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-30 16:22 . 2008-05-30 16:22 593,920 --a------ C:\Windows\System32\dpuGUI11.dll
2008-05-30 16:22 . 2008-05-30 16:22 344,064 --a------ C:\Windows\System32\dpus11.dll
2008-05-30 16:22 . 2008-05-30 16:22 294,912 --a------ C:\Windows\System32\dpu11.dll
2008-05-30 16:22 . 2008-05-30 16:22 294,912 --a------ C:\Windows\System32\dpu10.dll
2008-05-30 16:22 . 2008-05-30 16:22 57,344 --a------ C:\Windows\System32\dpv11.dll
2008-05-30 16:22 . 2008-05-30 16:22 53,248 --a------ C:\Windows\System32\dpuGUI10.dll
2008-05-29 23:46 . 2008-06-26 08:23 <DIR> d-------- C:\Users\All Users\Google Updater
2008-05-29 23:46 . 2008-06-26 08:23 <DIR> d-------- C:\ProgramData\Google Updater
2008-05-29 23:43 . 2008-05-29 23:43 <DIR> d-------- C:\Program Files\IEPro
2008-05-29 18:06 . 2008-05-29 18:06 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-29 18:06 . 2008-05-29 18:06 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-29 17:46 . 2008-05-29 17:46 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-29 17:46 . 2008-05-29 17:46 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-29 17:45 . 2008-05-29 17:45 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-29 17:45 . 2008-05-29 17:45 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-29 17:43 . 2008-05-29 17:43 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-29 17:43 . 2008-05-29 17:43 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-29 17:43 . 2008-05-29 17:43 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-29 17:43 . 2008-05-29 17:43 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-29 17:43 . 2008-05-29 17:43 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-29 17:43 . 2008-05-29 17:43 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-29 17:43 . 2008-05-29 17:43 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-05-29 17:42 . 2007-04-09 09:27 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-29 17:42 . 2008-05-29 17:42 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-29 17:42 . 2008-05-29 17:42 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-29 17:42 . 2008-05-29 17:42 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-29 17:42 . 2008-05-29 17:42 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-29 17:36 . 2008-05-29 17:36 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-29 17:35 . 2008-05-29 17:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-29 17:34 . 2008-05-29 17:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 17:34 . 2008-05-29 17:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-29 17:34 . 2008-05-29 17:34 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-29 17:34 . 2008-05-29 17:34 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-29 16:47 . 2008-05-29 16:47 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\TuneUp Software
2008-05-29 16:47 . 2008-05-29 16:47 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-29 16:47 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-29 16:47 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-29 16:45 . 2008-05-29 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 15:18 . 2008-05-29 15:18 <DIR> d-------- C:\Program Files\uTorrent
2008-05-29 15:00 . 2008-05-29 15:00 <DIR> d-------- C:\Program Files\support.com
2008-05-29 15:00 . 2008-05-29 15:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-29 15:00 . 2008-05-29 15:00 966 --a------ C:\net_save.dna

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 01:40 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\uTorrent
2008-06-26 00:40 --------- d---a-w C:\ProgramData\TEMP
2008-06-23 06:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 19:22 --------- d-----w C:\Program Files\DivX
2008-06-21 16:04 --------- d-----w C:\Program Files\Windows Mail
2008-06-20 23:27 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\MxBoost
2008-06-20 21:29 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Move Networks
2008-06-20 01:13 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Maxthon2
2008-06-19 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 16:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-31 01:51 --------- d-----w C:\Program Files\Common Files\Real
2008-05-31 01:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-30 06:46 --------- d-----w C:\Program Files\Google
2008-05-30 01:21 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-30 01:01 --------- d-----w C:\Program Files\Cheat Engine
2008-05-30 00:36 --------- d-----w C:\Program Files\CONEXANT
2008-05-30 00:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 00:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 00:34 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 00:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 00:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-23 02:19 --------- d-----w C:\Program Files\JetAudio
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-04-28 06:52 2,121,235 ----a-w C:\Windows\System32\x264vfw.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 19:52 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-08-30 16:52 174 --sha-w C:\Program Files\desktop.ini
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

------- Sigcheck -------

2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\System32\drivers\tcpip.sys
2006-11-02 01:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-08 15:14 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-08 15:14 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-05-29 17:42 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-29 15:18 219952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"CubeDesktop"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 20:11 4317184 C:\Windows\RtHDVCpl.exe]
"CHotkey"="zHotkey.exe" [2006-11-07 14:08 547840 C:\Windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 09:13 36864 C:\Windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 14:34 53248 C:\Windows\ModPS2Key.exe]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 16:04 2348584]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 22:51 166304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-17 14:58 40072]

C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-12-04 16:22:45 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Users^Arkadiy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-19 20:05 240640 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 17:52 50736 C:\Program Files\Common Files\AOL\1197928652\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FC655EF9-4CCC-458A-BDD1-535C284CDDAE}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{C1BCA28F-EBBC-4CE9-97DE-056D0F727C00}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{94E30B97-BC0F-4D51-89F8-CACF23C5E6D1}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{6D71804A-AE92-41EE-A6F5-00C58E291526}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{399408DA-AC4C-4565-AD7E-52FD0B9C31AA}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{2386DB38-2145-467F-966C-7F7111B46C23}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{CEF4EFDC-83AD-4763-90B6-C151CCCD3203}"= UDP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{748F8195-2700-49E5-AE85-437FE57E5FC7}"= TCP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{E37E745A-CCEF-4E57-8C7F-0B7DBBBB8244}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{07B771ED-B073-405E-B5E1-79C69B584C9E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E2976706-C364-4E8B-BA19-80F92F3CBF34}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0E9C9B0F-5067-4E0D-A0A9-BAC8B6E6F27B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E1D28528-05C5-4827-B39F-17B97FE3D3D0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E8B523A1-85E9-4FAD-A06D-94EB45E6F134}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{40815D6D-31CF-4DD2-9834-01AE02C80E13}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1DD69F80-62C7-43A3-AE32-B677483D48ED}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A5ACE63E-C487-4B6D-A810-5DB91322A4CD}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{C6417CB4-09ED-4831-AB63-C1ACA3D5EAE9}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= UDP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe
"UDP Query User{8D0CF02C-1B53-4306-A276-5B17C2B78988}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= TCP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"= C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-29 16:47]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]
S4 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40ceabd-0371-11dd-aeeb-8aef0fdee4ce}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 01:00:02 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-26 21:46:49 C:\Windows\Tasks\User_Feed_Synchronization-{2E7D8B6D-B6CC-4B52-9712-AD7CB5A48BC9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 18:44:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 18:44:53
ComboFix-quarantined-files.txt 2008-06-27 01:44:49

Pre-Run: 153,960,456,192 bytes free
Post-Run: 154,597,543,936 bytes free

286 --- E O F --- 2008-06-21 15:15:55
 
It's slow. I don't think it's a virus or any spyware. The computer is using 634 MB. I'm gonna delete some of the services, uninstall non-critical programs, or delete Help Files like I did on my XP.
 
OS: Windows Vista Premium
CPU: Intel Pentium Dual Core 1.8GHZ
RAM: 1 GIG
HDD: 250 GB
___________________________________________________
LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:31 PM, on 6/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5481E
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdeluxe2/zylomplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7002 bytes
 
That RAM usage is not that bad. I use about 800-900 MB of RAM on idle. You def need more RAM though. At least 2 GB total of RAM for Vista.
 
Yeah, I ain't buying RAM. I'm gonna downgrade to XP; this computer was bought from the store with Windows Vista Premium pre-installed. I think XP will use 300-400 MB of RAM, way better than 700 MB. I hope there are XP drivers for this computer.
 