WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


System running slow and viruses found by Avast

2 posters

descriptionSystem running slow and viruses found by Avast EmptySystem running slow and viruses found by Avast5th October 2009, 12:53 am

more_horiz
Hello again. I have another coworker's system and it is running slow. I ran his Avast afetr maki8ng updates and came across several viruses which were deleted. If virus names are needed I can send that as well. I have followed all of the guidance for the system prep and below is the readout:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:40 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP Wireless 4 Button Laser Mouse\KMaestro.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Administrator\Desktop\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [BtcMouseMaestro] "C:\Program Files\HP Wireless 4 Button Laser Mouse\KMaestro.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191726319863
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191726386318
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9108 bytes

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast5th October 2009, 1:08 am

more_horiz
Hi

System running slow and viruses found by Avast Mbamicontw5 Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please include the SpiderKill and Malwarebytes logs in your next reply.

descriptionSystem running slow and viruses found by Avast EmptyMalwareBytes report5th October 2009, 3:26 am

more_horiz
Malwarebytes' Anti-Malware 1.41
Database version: 2907
Windows 5.1.2600 Service Pack 3

10/4/2009 10:19:36 PM
mbam-log-2009-10-04 (22-19-36).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 157141
Time elapsed: 1 hour(s), 12 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionSystem running slow and viruses found by Avast EmptySpiderKill Report5th October 2009, 3:27 am

more_horiz
SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C has no label.
Volume Serial Number is 6CF5-E325

Directory of C:\Windows\System32\Drivers

10/04/2009 08:50 PM .
10/04/2009 08:50 PM ..
09/15/2009 05:53 AM 27,408 aavmker4.sys
04/13/2008 01:36 PM 187,776 acpi.sys
08/29/2002 07:00 AM 11,648 acpiec.sys
04/13/2008 07:11 PM 4,255 adv01nt5.dll
04/13/2008 07:11 PM 3,967 adv02nt5.dll
04/13/2008 07:11 PM 3,615 adv05nt5.dll
04/13/2008 07:11 PM 3,647 adv07nt5.dll
04/13/2008 07:11 PM 3,135 adv08nt5.dll
04/13/2008 07:11 PM 3,711 adv09nt5.dll
04/13/2008 07:11 PM 3,775 adv11nt5.dll
04/13/2008 11:39 AM 142,592 aec.sys
08/14/2008 05:04 AM 138,496 afd.sys
10/07/2004 08:16 PM 35,840 AFS2K.SYS
04/13/2008 01:36 PM 42,368 agp440.sys
04/13/2008 01:36 PM 44,928 agpcpq.sys
04/13/2008 01:36 PM 42,752 alim1541.sys
04/13/2008 01:36 PM 43,008 amdagp.sys
04/13/2008 01:31 PM 37,376 amdk6.sys
04/13/2008 01:31 PM 37,760 amdk7.sys
04/13/2008 01:51 PM 60,800 arp1394.sys
09/15/2009 05:55 AM 20,560 aswFsBlk.sys
09/15/2009 05:56 AM 93,424 aswmon.sys
09/15/2009 05:56 AM 94,160 aswmon2.sys
09/15/2009 05:54 AM 23,152 aswRdr.sys
09/15/2009 05:55 AM 114,768 aswSP.sys
09/15/2009 05:54 AM 52,368 aswTdi.sys
04/13/2008 01:57 PM 14,336 asyncmac.sys
04/13/2008 01:40 PM 96,512 atapi.sys
08/04/2004 12:29 AM 56,623 ati1btxx.sys
08/04/2004 12:29 AM 11,615 ati1mdxx.sys
08/04/2004 12:29 AM 12,047 ati1pdxx.sys
08/04/2004 12:29 AM 30,671 ati1raxx.sys
08/04/2004 12:29 AM 63,663 ati1rvxx.sys
08/04/2004 12:29 AM 26,367 ati1snxx.sys
08/04/2004 12:29 AM 21,343 ati1ttxx.sys
08/04/2004 12:29 AM 36,463 ati1tuxx.sys
08/04/2004 12:29 AM 29,455 ati1xbxx.sys
08/04/2004 12:29 AM 34,735 ati1xsxx.sys
08/04/2004 12:29 AM 327,040 ati2mtaa.sys
08/04/2004 12:29 AM 701,440 ati2mtag.sys
08/04/2004 12:29 AM 57,856 atinbtxx.sys
08/04/2004 12:29 AM 13,824 atinmdxx.sys
08/04/2004 12:29 AM 14,336 atinpdxx.sys
08/04/2004 12:29 AM 52,224 atinraxx.sys
08/04/2004 12:29 AM 104,960 atinrvxx.sys
08/04/2004 12:29 AM 28,672 atinsnxx.sys
08/04/2004 12:29 AM 13,824 atinttxx.sys
08/04/2004 12:29 AM 73,216 atintuxx.sys
08/04/2004 12:29 AM 31,744 atinxbxx.sys
08/04/2004 12:29 AM 63,488 atinxsxx.sys
07/17/2004 01:36 PM 64,352 ativmc20.cod
04/13/2008 01:51 PM 59,904 atmarpc.sys
08/29/2002 07:00 AM 31,360 atmepvc.sys
04/13/2008 01:51 PM 55,808 atmlane.sys
08/29/2002 07:00 AM 352,256 atmuni.sys
04/13/2008 07:11 PM 21,183 atv01nt5.dll
04/13/2008 07:11 PM 11,359 atv02nt5.dll
04/13/2008 07:11 PM 25,471 atv04nt5.dll
04/13/2008 07:11 PM 14,143 atv06nt5.dll
04/13/2008 07:11 PM 17,279 atv10nt5.dll
08/17/2001 08:59 AM 3,072 audstub.sys
08/29/2002 07:00 AM 4,224 beep.sys
04/13/2008 01:53 PM 71,552 bridge.sys
04/13/2008 01:46 PM 17,024 bthenum.sys
04/13/2008 01:46 PM 37,888 bthmodem.sys
04/13/2008 01:51 PM 101,120 bthpan.sys
06/13/2008 06:05 AM 272,128 bthport.sys
04/13/2008 01:46 PM 36,480 bthprint.sys
04/13/2008 01:46 PM 18,944 bthusb.sys
08/29/2002 07:00 AM 13,952 cbidf2k.sys
08/29/2002 07:00 AM 18,688 cdaudio.sys
04/13/2008 02:14 PM 63,744 cdfs.sys
04/13/2008 01:40 PM 62,976 cdrom.sys
04/13/2008 07:11 PM 15,423 ch7xxnt5.dll
08/29/2002 07:00 AM 262,528 cinemst2.sys
04/13/2008 02:16 PM 49,536 classpnp.sys
08/29/2002 07:00 AM 11,776 cpqdap01.sys
04/13/2008 01:31 PM 36,736 crusoe.sys
07/18/2004 12:55 AM 129,045 cxthsfs2.cty
10/06/2007 04:15 PM disdn
04/13/2008 01:40 PM 36,352 disk.sys
04/13/2008 01:40 PM 14,208 diskdump.sys
04/13/2008 01:44 PM 799,744 dmboot.sys
04/13/2008 01:44 PM 153,344 dmio.sys
08/29/2002 07:00 AM 5,888 dmload.sys
04/13/2008 01:45 PM 52,864 dmusic.sys
04/13/2008 12:45 PM 60,160 drmk.sys
04/13/2008 01:45 PM 2,944 drmkaud.sys
08/29/2002 07:00 AM 10,496 dxapi.sys
04/13/2008 01:38 PM 71,168 dxg.sys
08/29/2002 07:00 AM 3,328 dxgthk.sys
10/06/2007 04:17 PM etc
04/13/2008 02:14 PM 143,744 fastfat.sys
04/13/2008 01:40 PM 27,392 fdc.sys
08/17/2001 07:13 AM 27,165 fetnd5.sys
04/13/2008 01:33 PM 44,544 fips.sys
04/13/2008 01:40 PM 20,480 flpydisk.sys
04/13/2008 01:32 PM 129,792 fltmgr.sys
08/29/2002 07:00 AM 12,160 fsvga.sys
08/29/2002 07:00 AM 7,936 fs_rec.sys
08/29/2002 07:00 AM 125,056 ftdisk.sys
04/13/2008 01:36 PM 46,464 gagp30kx.sys
04/13/2008 01:45 PM 10,624 gameenum.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
08/29/2002 07:00 AM 3,440,660 gm.dls
08/29/2002 07:00 AM 646 gmreadme.txt
04/13/2008 11:36 AM 144,384 hdaudbus.sys
04/13/2008 01:46 PM 25,600 hidbth.sys
04/13/2008 01:45 PM 36,864 hidclass.sys
04/13/2008 01:45 PM 19,200 hidir.sys
04/13/2008 01:45 PM 24,960 hidparse.sys
04/13/2008 01:45 PM 10,368 hidusb.sys
07/16/2003 03:55 AM 51,056 hpzid412.sys
07/16/2003 03:55 AM 16,496 HPZipr12.sys
07/16/2003 03:55 AM 21,488 HPZius12.sys
08/04/2004 12:41 AM 220,032 hsfbs2s2.sys
08/04/2004 12:41 AM 685,056 hsfcxts2.sys
08/04/2004 12:41 AM 1,041,536 hsfdpsp2.sys
04/13/2008 01:53 PM 264,832 http.sys
04/13/2008 02:18 PM 52,480 i8042prt.sys
04/13/2008 01:40 PM 42,112 imapi.sys
04/13/2008 01:31 PM 36,352 intelppm.sys
04/13/2008 01:53 PM 36,608 ip6fw.sys
08/29/2002 07:00 AM 32,896 ipfltdrv.sys
04/13/2008 01:57 PM 20,864 ipinip.sys
04/13/2008 01:57 PM 152,832 ipnat.sys
04/13/2008 02:19 PM 75,264 ipsec.sys
04/13/2008 01:45 PM 46,592 irbus.sys
04/13/2008 01:54 PM 11,264 irenum.sys
04/13/2008 01:36 PM 37,248 isapnp.sys
04/13/2008 01:39 PM 24,576 kbdclass.sys
04/13/2008 01:39 PM 14,592 kbdhid.sys
04/13/2008 01:45 PM 172,416 kmixer.sys
04/13/2008 01:16 PM 141,056 ks.sys
06/24/2009 06:18 AM 92,928 ksecdd.sys
04/11/2007 04:32 PM 20,496 L8042Kbd.sys
04/11/2007 04:32 PM 63,248 L8042mou.Sys
04/11/2007 04:32 PM 34,832 LHidFilt.Sys
04/11/2007 04:32 PM 36,112 LMouFilt.Sys
04/11/2007 04:33 PM 79,376 LMouKE.Sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
08/29/2002 07:00 AM 7,680 mcd.sys
08/04/2004 12:41 AM 11,868 mdmxsdk.sys
04/13/2008 01:36 PM 63,744 mf.sys
08/29/2002 07:00 AM 4,224 mnmdd.sys
04/13/2008 02:00 PM 30,080 modem.sys
04/13/2008 01:39 PM 23,040 mouclass.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
04/13/2008 01:39 PM 42,368 mountmgr.sys
04/13/2008 01:39 PM 92,544 mqac.sys
04/13/2008 01:32 PM 180,608 mrxdav.sys
10/24/2008 06:21 AM 455,296 mrxsmb.sys
04/13/2008 01:32 PM 19,072 msfs.sys
04/13/2008 01:56 PM 35,072 msgpc.sys
04/13/2008 01:39 PM 7,552 mskssrv.sys
08/17/2001 09:00 AM 2,944 msmpu401.sys
04/13/2008 01:39 PM 5,376 mspclock.sys
04/13/2008 01:39 PM 4,992 mspqm.sys
04/13/2008 01:36 PM 15,488 mssmbios.sys
08/04/2004 12:41 AM 126,686 mtlmnt5.sys
08/04/2004 12:41 AM 1,309,184 mtlstrm.sys
08/04/2004 12:29 AM 452,736 mtxparhm.sys
04/13/2008 02:17 PM 105,344 mup.sys
04/13/2008 01:43 PM 12,672 mutohpen.sys
04/13/2008 02:20 PM 182,656 ndis.sys
04/13/2008 01:57 PM 10,112 ndistapi.sys
04/13/2008 01:55 PM 14,592 ndisuio.sys
04/13/2008 02:20 PM 91,520 ndiswan.sys
04/13/2008 01:57 PM 40,576 ndproxy.sys
04/13/2008 01:56 PM 34,688 netbios.sys
04/13/2008 02:21 PM 162,816 netbt.sys
04/15/2002 09:11 PM 67,866 netwlan5.img
04/13/2008 01:51 PM 61,824 nic1394.sys
08/29/2002 07:00 AM 12,032 nikedrv.sys
04/13/2008 01:53 PM 40,320 nmnt.sys
04/13/2008 01:32 PM 30,848 npfs.sys
04/13/2008 02:15 PM 574,976 ntfs.sys
08/04/2004 12:41 AM 180,360 ntmtlfax.sys
08/29/2002 07:00 AM 2,944 null.sys
08/04/2004 12:29 AM 1,897,408 nv4_mini.sys
08/29/2002 07:00 AM 12,416 nwlnkflt.sys
08/29/2002 07:00 AM 32,512 nwlnkfwd.sys
04/13/2008 01:56 PM 88,320 nwlnkipx.sys
08/29/2002 07:00 AM 63,232 nwlnknb.sys
08/29/2002 07:00 AM 55,936 nwlnkspx.sys
04/13/2008 01:34 PM 163,584 nwrdr.sys
05/17/2004 01:01 PM 26,624 oobctm.sys
08/29/2002 07:00 AM 3,456 oprghdlr.sys
04/13/2008 01:31 PM 42,752 p3.sys
04/13/2008 01:40 PM 80,128 parport.sys
04/13/2008 01:40 PM 19,712 partmgr.sys
08/29/2002 07:00 AM 6,784 parvdm.sys
04/13/2008 01:36 PM 68,224 pci.sys
04/13/2008 01:40 PM 24,960 pciidex.sys
04/13/2008 01:36 PM 120,192 pcmcia.sys
04/13/2008 01:19 PM 146,048 portcls.sys
04/13/2008 01:31 PM 35,840 processr.sys
04/13/2008 01:56 PM 69,120 psched.sys
08/29/2002 07:00 AM 17,792 ptilink.sys
11/01/2004 03:02 PM 17,168 pxhelp20.sys
08/29/2002 07:00 AM 8,832 rasacd.sys
04/13/2008 02:19 PM 51,328 rasl2tp.sys
04/13/2008 01:57 PM 41,472 raspppoe.sys
04/13/2008 02:19 PM 48,384 raspptp.sys
08/29/2002 07:00 AM 16,512 raspti.sys
08/29/2002 07:00 AM 34,432 rawwan.sys
04/13/2008 02:28 PM 175,744 rdbss.sys
08/29/2002 07:00 AM 4,224 rdpcdd.sys
04/13/2008 01:32 PM 196,224 rdpdr.sys
04/13/2008 07:13 PM 139,656 rdpwd.sys
08/04/2004 12:41 AM 13,776 recagent.sys
04/13/2008 01:40 PM 57,600 redbook.sys
04/13/2008 01:46 PM 59,136 rfcomm.sys
08/29/2002 07:00 AM 12,032 rio8drv.sys
08/29/2002 07:00 AM 12,032 riodrv.sys
05/08/2008 09:02 AM 203,136 rmcast.sys
04/13/2008 01:56 PM 30,592 rndismp.sys
04/13/2008 01:56 PM 30,592 rndismpx.sys
08/29/2002 07:00 AM 5,888 rootmdm.sys
03/02/2004 02:02 PM 167,040 s3gnbm.sys
04/13/2008 01:40 PM 96,384 scsiport.sys
04/13/2008 01:36 PM 79,232 sdbus.sys
11/13/2007 05:25 AM 20,480 secdrv.sys
04/13/2008 01:40 PM 15,744 serenum.sys
04/13/2008 02:15 PM 64,512 serial.sys
04/13/2008 01:40 PM 11,904 sffdisk.sys
04/13/2008 01:40 PM 10,240 sffp_mmc.sys
04/13/2008 01:40 PM 11,008 sffp_sd.sys
04/13/2008 01:40 PM 11,392 sfloppy.sys
04/13/2008 07:12 PM 3,901 siint5.dll
04/13/2008 01:36 PM 40,960 sisagp.sys
12/16/2004 05:40 PM 55,312 slabbus.sys
12/16/2004 05:41 PM 6,144 slabcm.sys
12/16/2004 05:41 PM 6,144 slabcmnt.sys
12/16/2004 05:41 PM 89,808 slabser.sys
12/16/2004 05:39 PM 5,776 slabwh.sys
12/16/2004 05:39 PM 5,776 slabwhnt.sys
08/04/2004 12:41 AM 129,535 slnt7554.sys
08/04/2004 12:41 AM 404,990 slntamr.sys
08/04/2004 12:41 AM 95,424 slnthal.sys
08/04/2004 12:41 AM 13,240 slwdmsup.sys
04/13/2008 01:36 PM 5,888 smbali.sys
08/29/2002 07:00 AM 14,592 smclib.sys
04/13/2008 01:46 PM 25,344 sonydcam.sys
04/13/2008 01:45 PM 6,272 splitter.sys
04/13/2008 01:36 PM 73,472 sr.sys
12/11/2008 05:57 AM 333,952 srv.sys
04/13/2008 12:45 PM 49,408 stream.sys
04/13/2008 01:39 PM 4,352 swenum.sys
04/13/2008 01:45 PM 56,576 swmidi.sys
04/13/2008 02:15 PM 60,800 sysaudio.sys
04/13/2008 01:40 PM 14,976 tape.sys
06/20/2008 06:51 AM 361,600 tcpip.sys
06/20/2008 06:08 AM 225,856 tcpip6.sys
04/13/2008 02:00 PM 19,072 tdi.sys
04/13/2008 07:13 PM 12,040 tdpipe.sys
04/13/2008 07:13 PM 21,896 tdtcp.sys
04/13/2008 07:13 PM 40,840 termdd.sys
08/29/2002 07:00 AM 51,712 tosdvd.sys
08/29/2002 07:00 AM 21,376 tsbvcap.sys
04/13/2008 01:56 PM 12,288 tunmp.sys
04/13/2008 01:36 PM 44,672 uagp35.sys
04/13/2008 01:32 PM 66,048 udfs.sys
10/03/2009 10:27 PM UMDF
04/13/2008 01:39 PM 384,768 update.sys
04/13/2008 01:56 PM 12,800 usb8023.sys
04/13/2008 01:56 PM 12,800 usb8023x.sys
07/09/2009 12:16 PM 39,424 usbaapl.sys
04/13/2008 01:45 PM 25,600 usbcamd.sys
04/13/2008 01:45 PM 25,728 usbcamd2.sys
04/13/2008 01:45 PM 32,128 usbccgp.sys
08/29/2002 07:00 AM 4,736 usbd.sys
04/13/2008 01:45 PM 30,208 usbehci.sys
04/13/2008 01:45 PM 59,520 usbhub.sys
04/13/2008 01:45 PM 15,872 usbintel.sys
04/13/2008 01:45 PM 143,872 usbport.sys
04/13/2008 01:47 PM 25,856 usbprint.sys
04/13/2008 01:45 PM 15,104 usbscan.sys
04/13/2008 01:45 PM 26,368 usbstor.sys
04/13/2008 01:45 PM 20,608 usbuhci.sys
04/13/2008 01:46 PM 121,984 usbvideo.sys
04/13/2008 07:12 PM 11,325 vchnt5.dll
08/29/2002 07:00 AM 58,112 vdmindvd.sys
04/13/2008 01:44 PM 20,992 vga.sys
04/13/2008 01:36 PM 42,240 viaagp.sys
04/13/2008 01:40 PM 5,376 viaide.sys
03/12/2002 06:57 PM 43,776 viaudio.sys
04/13/2008 01:44 PM 81,664 videoprt.sys
08/10/2006 06:32 AM 204,672 vinyl97.sys
04/13/2008 01:41 PM 52,352 volsnap.sys
04/13/2008 01:43 PM 14,208 wacompen.sys
08/04/2004 12:29 AM 11,807 wadv07nt.sys
08/04/2004 12:29 AM 11,295 wadv08nt.sys
08/04/2004 12:29 AM 11,871 wadv09nt.sys
08/04/2004 12:29 AM 11,935 wadv11nt.sys
04/13/2008 01:57 PM 34,560 wanarp.sys
08/04/2004 12:29 AM 22,271 watv06nt.sys
08/04/2004 12:29 AM 25,471 watv10nt.sys
11/02/2006 08:22 AM 492,000 wdf01000.sys
11/02/2006 08:22 AM 32,224 wdfldr.sys
04/13/2008 02:17 PM 83,072 wdmaud.sys
08/29/2002 07:00 AM 4,352 wmilib.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
08/29/2002 07:00 AM 12,032 ws2ifsl.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
304 File(s) 28,202,314 bytes

Directory of C:\Windows\System32\Drivers\disdn

10/06/2007 04:15 PM .
10/06/2007 04:15 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/06/2007 04:17 PM .
10/06/2007 04:17 PM ..
08/29/2002 07:00 AM 734 hosts
08/29/2002 07:00 AM 3,683 lmhosts.sam
08/29/2002 07:00 AM 407 networks
08/29/2002 07:00 AM 799 protocol
08/29/2002 07:00 AM 7,116 services
5 File(s) 12,739 bytes

Directory of C:\Windows\System32\Drivers\UMDF

10/03/2009 10:27 PM .
10/03/2009 10:27 PM ..
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
310 File(s) 28,886,285 bytes
11 Dir(s) 26,127,372,288 bytes free


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 6CF5-E325

Directory of C:\Windows\System32\Drivers

12/25/2008 05:22 PM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
12/25/2008 05:22 PM 0 Msft_Kernel_LHidFilt_01005.Wdf
12/25/2008 05:22 PM 0 Msft_Kernel_LMouFilt_01005.Wdf
3 File(s) 0 bytes
0 Dir(s) 26,127,384,576 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 564 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 620 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 644 High C:\WINDOWS\system32\winlogon.exe
services.exe 688 Normal C:\WINDOWS\system32\services.exe
lsass.exe 700 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 872 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 940 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1036 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1108 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1168 Normal C:\WINDOWS\System32\svchost.exe
Explorer.EXE 1528 Normal C:\WINDOWS\Explorer.EXE
aswUpdSv.exe 1544 Normal C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
ashServ.exe 1648 High C:\Program Files\Alwil Software\Avast4\ashServ.exe
ashDisp.exe 1868 Normal C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
GrooveMonitor.exe 1876 Normal C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PicasaMediaDetector.exe 1884 Normal C:\Program Files\Picasa2\PicasaMediaDetector.exe
PDVDServ.exe 1892 Normal C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
HPWuSchd.exe 1908 Normal C:\Program Files\HP\HP Software Update\HPWuSchd.exe
hpcmpmgr.exe 1920 Normal C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
KMaestro.exe 1940 Normal C:\Program Files\HP Wireless 4 Button Laser Mouse\KMaestro.exe
iTunesHelper.exe 128 Normal C:\Program Files\iTunes\iTunesHelper.exe
ctfmon.exe 196 Normal C:\WINDOWS\system32\ctfmon.exe
hpqtra08.exe 232 Normal C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
SetPoint.exe 248 Normal C:\Program Files\Logitech\SetPoint\SetPoint.exe
WindowsSearch.exe 312 Normal C:\Program Files\Windows Desktop Search\WindowsSearch.exe
KHALMNPR.EXE 388 Normal C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
ymsgr_tray.exe 440 Normal C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
spoolsv.exe 1380 Normal C:\WINDOWS\system32\spoolsv.exe
RegCure.exe 1180 Normal C:\Program Files\RegCure\RegCure.exe
svchost.exe 2224 Normal C:\WINDOWS\System32\svchost.exe
AppleMobileDeviceService.exe 2276 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 2292 Normal C:\Program Files\Bonjour\mDNSResponder.exe
oodag.exe 2372 Normal C:\WINDOWS\system32\oodag.exe
svchost.exe 2756 Normal C:\WINDOWS\System32\svchost.exe
WLIDSVC.EXE 2816 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
SearchIndexer.exe 2964 Normal C:\WINDOWS\system32\SearchIndexer.exe
WLIDSvcM.exe 3468 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
iPodService.exe 3472 Normal C:\Program Files\iPod\bin\iPodService.exe
ashMaiSv.exe 3512 Normal C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashWebSv.exe 3568 Normal C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
alg.exe 3972 Normal C:\WINDOWS\System32\alg.exe
jqs.exe 2152 Idle C:\Program Files\Java\jre6\bin\jqs.exe
iexplore.exe 240 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 2664 Normal C:\Program Files\Internet Explorer\iexplore.exe
winlogon.scr 2868 Normal C:\Documents and Settings\Administrator\Desktop\winlogon.scr
mbam.exe 4068 Normal C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
SearchProtocolHost.exe 1344 Below Normal C:\WINDOWS\system32\SearchProtocolHost.exe
SearchFilterHost.exe 596 Below Normal C:\WINDOWS\system32\SearchFilterHost.exe
cmd.exe 2924 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3336 Normal C:\Documents and Settings\Administrator\Desktop\Jim\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1528)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5803 (xpsp_sp3_gdr.090428-1325) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5512 (xpsp.080413-0852) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18806 (longhorn_ie8_gdr.090701-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
GrooveShellExtensions.dll 661d0000 2224128 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 12.0.6421.1000 GrooveShellExtensions Module
GrooveUtil.DLL 68ef0000 991232 C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL 12.0.6423.1000 GrooveUtil Module
MSVCR80.dll e60000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll 8.00.50727.3053 Microsoft®️ C Runtime Library
GrooveNew.DLL 68ff0000 28672 C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL 12.0.6413.1000 GrooveNew Module
ATL80.DLL 7c630000 110592 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL 8.00.50727.4053 ATL Module for Windows (Unicode)
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
MSImg32.dll 76380000 20480 C:\WINDOWS\system32\MSImg32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
GrooveSystemServices.dll 65e50000 184320 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 12.0.6421.1000 GrooveSystemServices Module
msxml3.dll 74980000 1130496 C:\WINDOWS\system32\msxml3.dll 8.100.1048.0 MSXML 3.0 SP10
MSNLNamespaceMgr.dll 18b0000 315392 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500) Windows Search Namespace Manager
ieframe.dll 3e1c0000 11083776 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18812 (longhorn_ie8_gdr.090717-2100) Internet Explorer
xpsp2res.dll 1a40000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
deskbar.dll 1f10000 606208 C:\Program Files\Windows Desktop Search\deskbar.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search Deskbar extension
dbres.dll.mui 10000000 16384 C:\Program Files\Windows Desktop Search\en-us\dbres.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
dbres.dll 20c0000 90112 C:\Program Files\Windows Desktop Search\dbres.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
wordwheel.dll 2130000 606208 C:\Program Files\Windows Desktop Search\wordwheel.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
msnlExtRes.dll.mui 21e0000 32768 C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
msnlExtRes.dll 21f0000 618496 C:\Program Files\Windows Desktop Search\msnlExtRes.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
webcheck.dll db0000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
stobject.dll 76280000 135168 C:\WINDOWS\System32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\System32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\System32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5727 (xpsp_sp3_gdr.081215-1359) Windows HTTP Services
mydocs.dll 72410000 106496 C:\WINDOWS\System32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
GrooveMisc.dll 66b50000 1568768 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll 12.0.6421.1000 GrooveMisc Module
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
lgscroll.dll 10100000 61440 C:\Program Files\Logitech\SetPoint\lgscroll.dll 4.00.121 Logitech Scroll Enabler (UNICODE)
MSVCP80.dll 7c420000 552960 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCP80.dll 8.00.50727.3053 Microsoft®️ C++ Runtime Library
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft®️ Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GrooveIntlResource.dll 37f0000 921600 C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll 12.0.6413.1000 GrooveIntlResource Module
MSFTEDIT.DLL 4b400000 548864 C:\WINDOWS\system32\MSFTEDIT.DLL 5.41.15.1515 Rich Text Edit Control, v4.1
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
shdoclc.dll 71800000 557056 C:\WINDOWS\system32\shdoclc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
MSGINA.dll 75970000 1015808 C:\WINDOWS\system32\MSGINA.dll 5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
ODBC32.dll 74320000 249856 C:\WINDOWS\system32\ODBC32.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
odbcint.dll 37b0000 94208 C:\WINDOWS\system32\odbcint.dll 3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
wdsShell.dll 42f0000 798720 C:\Program Files\Windows Desktop Search\wdsShell.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) wdsShell
PROPSYS.dll 4470000 765952 C:\WINDOWS\System32\PROPSYS.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Property System
LangWrbk.dll 62c70000 102400 C:\WINDOWS\system32\LangWrbk.dll 5.1.2600.0 (xpclient.010817-1148) English wordbreaker
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
mshtml.dll 3da20000 5951488 C:\WINDOWS\system32\mshtml.dll 8.00.6001.18812 (longhorn_ie8_gdr.090717-2100) Microsoft (R) HTML Viewer
msls31.dll 4700000 167936 C:\WINDOWS\system32\msls31.dll 3.10.349.0 Microsoft Line Services library file
PSAPI.DLL 76bf0000 45056 C:\WINDOWS\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
DDRAW.dll 73760000 307200 C:\WINDOWS\system32\DDRAW.dll 5.03.2600.5512 (xpsp.080413-0845) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\system32\DCIMAN32.dll 5.1.2600.5512 (xpsp.080413-2105) DCI Manager
jscript.dll 3d7a0000 737280 C:\WINDOWS\System32\jscript.dll 5.8.6001.22886 Microsoft (R) Jscript
msimtf.dll 746f0000 172032 C:\WINDOWS\System32\msimtf.dll 5.1.2600.5512 (xpsp.080413-2105) Active IMM Server DLL
gdiplus.dll 4ec50000 1728512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416) Microsoft GDI+
D3DIM700.DLL 73940000 851968 C:\WINDOWS\system32\D3DIM700.DLL 5.03.2600.5512 (xpsp.080413-0845) Microsoft Direct3D
MSDART.DLL 765b0000 151552 C:\WINDOWS\system32\MSDART.DLL 2.81.1132.0 (xpsp.080413-0852) Microsoft Data Access - OLE DB Runtime Routines
oledb32.dll 73160000 487424 C:\Program Files\Common Files\System\Ole DB\oledb32.dll 2.81.1132.0 (xpsp.080413-0852) Microsoft Data Access - OLE DB Core Services
OLEDB32R.DLL 75350000 69632 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL 2.81.1132.0 (xpsp.080413-0852) Microsoft Data Access - OLE DB Core Services Resources
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
RASAPI32.dll 76ee0000 245760 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINDOWS\system32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft®️ Windows(TM) Telephony API Client DLL
msv1_0.dll 77c70000 151552 C:\WINDOWS\system32\msv1_0.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Microsoft Authentication Package v1.0
cryptdll.dll 76790000 49152 C:\WINDOWS\system32\cryptdll.dll 5.1.2600.5512 (xpsp.080413-2113) Cryptography Manager
sensapi.dll 722b0000 20480 C:\WINDOWS\system32\sensapi.dll 5.1.2600.5512 (xpsp.080413-2108) SENS Connectivity API DLL
mswsock.dll 71a50000 258048 C:\WINDOWS\System32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
rasadhlp.dll 76fc0000 24576 C:\WINDOWS\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
DNSAPI.dll 76f20000 159744 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
winrnr.dll 76fb0000 32768 C:\WINDOWS\System32\winrnr.dll 5.1.2600.5512 (xpsp.080413-2113) LDAP RnR Provider DLL
mdnsNSP.dll 16080000 151552 C:\Program Files\Bonjour\mdnsNSP.dll 1,0,6,2 Bonjour Namespace Provider
hnetcfg.dll da00000 360448 C:\WINDOWS\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
dfshim.dll 60510000 102400 c:\WINDOWS\system32\dfshim.dll 2.0.50727.3053 (netfxsp.050727-3000) Application Deployment Support Library
mscoree.dll 79000000 286720 c:\WINDOWS\system32\mscoree.dll 2.0.50727.3053 (netfxsp.050727-3000) Microsoft .NET Runtime Execution Engine
mscorwks.dll 79e70000 5832704 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 2.0.50727.3082 (QFE.050727-3000) Microsoft .NET Runtime Common Language Runtime - WorkStation
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
Shfusion.dll 641f0000 122880 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll 2.0.50727.3053 (netfxsp.050727-3000) Microsoft COM Runtime Fusion Assembly Viewer
Fusion.dll 60610000 24576 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll 2.0.50727.3053 (netfxsp.050727-3000) Assembly manager
culture.dll 60340000 32768 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll 2.0.50727.3053 (netfxsp.050727-3000) Microsoft Globalization Support
ShFusRes.dll 64220000 98304 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll 2.0.50727.3053 (netfxsp.050727-3000) Microsoft COM Runtime Fusion Assembly Viewer Resources
cryptnet.dll 75e60000 77824 C:\WINDOWS\system32\cryptnet.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto Network Related API
DHCPCSVC.DLL 7d4b0000 139264 C:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.5512 (xpsp.080413-0852) DHCP Client Service
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
YMMAPI.dll 64000000 294912 C:\Program Files\Yahoo!\Common\YMMAPI.dll 2005, 1, 1, 12 Yahoo! Mail
ashShell.dll 64f00000 73728 C:\Program Files\Alwil Software\Avast4\ashShell.dll 4, 8, 1356, 0 avast! Shell Extension
PDFShell.dll 3140000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.1.0.2009022700 PDF Shell Extension
SDHelper.dll 3610000 872448 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll 1, 4, 0, 0 Bad download blocker
olepro32.dll 5edd0000 94208 C:\WINDOWS\system32\olepro32.dll 5.1.2600.5512 5.1.2600.5512
msohevi.dll 6bd10000 65536 C:\Program Files\Microsoft Office\Office12\msohevi.dll 12.0.6413.1000 2007 Microsoft Office component
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\System32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
pwrshsip.dll 461f0000 36864 C:\WINDOWS\system32\WindowsPowerShell\v1.0\pwrshsip.dll 6.0.5430.0 (winmain(wmbla).060830-0116) Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml)



******************************************
EOF

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast5th October 2009, 3:44 am

more_horiz
Hi

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

RegCure
AskBarDis (Ask Toolbar)

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\AskBarDis
C:\Program Files\RegCure

Please reboot your computer, and post a new HijackThis log here in your next reply.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.
  • Please disable realtime protection. (If any)
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


==

In your next reply, please include logs from both HijackThis and Security Check. Also, please tell me how the computer is running.

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast12th October 2009, 5:06 pm

more_horiz
Hello. My last post was right when the system went into maintenance mode so it didn't get through and I had to leave for the week. The system seems to be running better. What was wrong with it?

Here is the post from the Security check followed by the hijack this results.

Thanks.

Jim

*************************
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

**********************************8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:12 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP Wireless 4 Button Laser Mouse\KMaestro.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Jim\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [BtcMouseMaestro] "C:\Program Files\HP Wireless 4 Button Laser Mouse\KMaestro.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BCROReminder] C:\Program Files\ByteCrusher\RegistryOptimax\BCRO.exe -rem
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191726319863
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191726386318
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8859 bytes

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast12th October 2009, 8:22 pm

more_horiz
Hi

Nothing major was wrong with the system. Did you do any scans before posting your first log in this topic?

The only things that were slowing the system down were RegCure and Ask Toolbar. Ask toolbar actually slows down browsing.

To speed it up a little more, do the following:

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast13th October 2009, 3:31 am

more_horiz
Hi. Yes, I did run some scans before I started sending information. I updated his virus protection which had expired and deleted 5 viruses. I also reset some settings to keep from holding temp internet files beyond one day and deleted some old file sthat were not needed.

The system is running better.

He does have Firefox on his system and I think he uses that more than IE.

I also use Adaware on my system. Is it better to use Spybot?

Do I need to uninstall all of the programs that you had me run on his system? I generally do but if there are some that should be left please let me know.

Thanks so much.

Jim

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast13th October 2009, 3:56 am

more_horiz
Ad-Aware is fine as well.

Go ahead and delete SpiderKill. The rest should be fine to stay.

descriptionSystem running slow and viruses found by Avast EmptyRe: System running slow and viruses found by Avast

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum