PC suddenly being slow


conlith
Junior Member with 8 posts.
Join Date: Apr 2008
Experience: Intermediate
26-Apr-2008, 08:22 AM #1
Hello everybody.

As the title states my computer all of a sudden started to be really slow, this happened about a week ago.

Well, a little history behind my Laptop. It's an Acer TravelMate 4070, and I got it at the end of summer vacation 2006, so it's kinda old, I know. Anyways, it has worked perfectly for its purposes until a week ago. I only used it for Photoshop, Dreamweaver, Firefox, Messenger, iTunes and World of Warcraft (admitted; I'm addicted) which all ran with no problems at all.

Now 3 weeks ago I reformatted it, due to helluvalot BSODS, and then I reformatted it again 2 weeks ago 'cos the 3 weeks ago reformat was a false copy of Windows XP, tho. I got a serial!

Well then I reformatted it 2 weeks ago as stated and installed all the standard things like:
Firefox, WinRar, Windows Live, Photoshop, Dreamweaver, Daemon Tools, VLC, Spybot S&D, CCleaner and all the drivers for my laptop ofc.

Then there went a week and I installed BitTorrent, 'cos I wanted something I've already paid license on! After that there went 3 days and my computer suddenly started to run very slow.
It takes 2 minutes to start up and explorer.exe uses additional 1 minute to load. Also, I can't play music and watch videos on it anymore, music simply gets a "lag" every 1sec, and videos play like they have a FPS equal 1, plus my CPU speed is on 60%+ if I have anything open at all or move my mouse too fast.

I can provide you with any log you want, but since I'm not much into it the only log I can think of providing you with right now is HJT.

Logfile of HijackThis v1.99.1
Scan saved at 14:18:00, on 26-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daniel Andersen\Skrivebord\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] C:\Programmer\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208001243842
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe


I do not use an antivirus program, haven't had a virus one single time. I scan my computer once a week with HJT, CCleaner, Spybot S&D and I defragment once a week too.
Also I use a program called RunAlyzer once a month, paste a log to a friend of mine and he tells me what to do with it.
Every 3rd month I install AVG Antivirus, do a total scan and find nothing.
When I do these things I make sure nothing else is running in the background, and no browser is open.

I really hope somebody can help me, since I'm very addicted to my laptop 'cos of my education as a webdeveloper.

Thanks on forehand
Daniel Andersen

Last edited by Cookiegal : 26-Apr-2008 01:01 PM. Reason: Spellmistakes and appearance.
ozrom1e
Distinguished Member with 11,840 posts.
Join Date: May 2006
Experience: Advanced
26-Apr-2008, 09:47 AM #2
Quote:
Originally Posted by conlith
Hello everybody.


Now 3 weeks ago I reformatted it, due to helluvalot BSODS, and then I reformatted it again 2 weeks ago 'cos the 3 weeks ago reformat was a false copy of Windows XP, tho. I got a serial!


Thanks on forehand
Daniel Andersen
Please read the TSG rules on the forums

Tech Support Guy Site Rules
http://www.techguy.org/rules.html


It does say a few things about illegal operating system (disks) and that we are not allowed to do any sort of tech support on these.
JohnWill
Moderator with 77,371 posts.
Join Date: Oct 2002
Location: South Eastern PA, USA
Experience: Advanced age & experience
26-Apr-2008, 09:50 AM #3
As stated, we can provide no assistance for illegal copies of Windows.
JohnWill
26-Apr-2008, 11:46 AM #4
OK, in light of the fact that you apparently have replaced the illegal copy with a legal copy of Windows, I'm opening this post again.
conlith
26-Apr-2008, 12:44 PM #5
Thank you, and about the PM thingy - It said I wasn't able to send PM to you, no description why. But thanks for reopening my thread (: Looking forward to answers ^^ *rushy rushy*
Cookiegal
Administrator with 53,581 posts.
Join Date: Aug 2003
Location: Quebec, Canada
26-Apr-2008, 01:03 PM #6
Let's just run this to verify that this is indeed a legitimate version of Windows please.


Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


Also, please don't use code tags when posting logs. It is required in some instances because of format problems but this way it's easier to read the HijackThis log.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
Cookiegal
26-Apr-2008, 01:04 PM #7
FYI:

New members can't send PMs right away. You will be able to very soon though.
conlith
26-Apr-2008, 01:12 PM #8
Is it safe to post that MGADiag log? I mean, it shows 3/5 of my serial.
And my budget doesn't allow me to buy Windows XP again if some majorgeek pwns me out from that log. But if you say it's 100% safe then no problem
Cookiegal
26-Apr-2008, 01:24 PM #9
It doesn't reveal the entire key so yes you can post it.
conlith
26-Apr-2008, 01:27 PM #10
Okay, here goes

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-QW3HM-JGRQX-KM77T
Windows Product Key Hash: NiGGJUBjRyjHCl1UtP6NiEnsppE=
Windows Product ID: 55274-640-0185941-23628
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {E0D86B0F-5785-4C07-814B-91EF98D7C2E3}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.7
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E0D86B0F-5785-4C07-814B-91EF98D7C2E3}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KM77T</PKey><PID>55274-640-0185941-23628</PID><PIDType>1</PIDType><SID>S-1-5-21-1645522239-2025429265-839522115</SID><SYSTEM><Manufacturer>Acer, inc.</Manufacturer><Model>TravelMate 4070 </Model></SYSTEM><BIOS><Manufacturer>Acer </Manufacturer><Version>3A18</Version><SMBIOSVersion major="2" minor="31"/><Date>20060221000000.000000+000</Date></BIOS><HWID>7DD43307018400E2</HWID><UserLCID>0406</UserLCID><SystemLCID>0406</SystemLCID><TimeZone>Rom, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57587</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
Cookiegal
26-Apr-2008, 01:39 PM #11
Well your MS Office is not genuine. It's a Blocked Volume Licence:

Office Status: 114 Blocked VLK 2

If this is a standalone machine you shouldn't even have a volume licence on it as they are for corporations. You should contact Microsoft about how to make it genuine.

Next, you say you don't run an anti-virus program. But before helping, I must insist that you install one so please go to the following link and install AVG Free and then come back and post a new HijackThis log.

http://free.grisoft.com/ww.download-...s-free-edition
conlith
26-Apr-2008, 02:00 PM #12
Here is the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 19:59:42, on 26-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Atheros\ACU.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Daniel Andersen\Skrivebord\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] C:\Programmer\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Programmer\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208001243842
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
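
The thread now contains two HijackThis logs, taken before and after AVG was installed, and the quickest way to review the second one is to diff its item lines against the first. The following is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical, and the two sample logs are short excerpts copied from the logs posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# Item lines in a HijackThis log start with a section code such as R1, O4 or
# O23 followed by " - ". Header lines and the running-process list do not.
ITEM_RE = re.compile(r"^([RFN][0-4]|O\d{1,2}) - (.+)$")


def parse_items(log_text):
    """Return the set of (section, detail) item entries found in one log."""
    items = set()
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            # Collapse runs of whitespace so pasted logs compare reliably.
            items.add(Entry(match.group(1), " ".join(match.group(2).split())))
    return items


def _sort_key(entry):
    # Keep the order HijackThis prints in: R, F, N, then O by number.
    return ("RFNO".index(entry.section[0]), int(entry.section[1:]),
            entry.detail.lower())


def diff_logs(before_text, after_text):
    """Return (added, removed) entry lists between two scans."""
    before, after = parse_items(before_text), parse_items(after_text)
    return (sorted(after - before, key=_sort_key),
            sorted(before - after, key=_sort_key))


def file_missing(log_text):
    """Entries that HijackThis itself annotated with "(file missing)"."""
    hits = [e for e in parse_items(log_text)
            if e.detail.endswith("(file missing)")]
    return sorted(hits, key=_sort_key)


# Excerpt of the first log in this thread (14:18:00 scan).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:18:00, on 26-04-2008
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
"""

# Excerpt of the second log in this thread (19:59:42 scan, after AVG install).
AFTER = BEFORE + r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Programmer\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for entry in added:
        print("+", entry.section, "-", entry.detail)
    for entry in removed:
        print("-", entry.section, "-", entry.detail)
    for entry in file_missing(AFTER):
        print("? file missing:", entry.section, "-", entry.detail)
```

On the full logs the same diff separates the entries that came with the AVG install from the PC Pitstop and MSConfig autostart entries that also appeared between the two scans.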
Cookiegal
26-Apr-2008, 03:45 PM #13
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


Before posting your next HijackThis log, please remove the one you have and download the latest version per the following instructions:


Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
conlith
Junior Member with 8 posts.
 
Join Date: Apr 2008
Experience: Intermediate
26-Apr-2008, 05:30 PM #14
So I did that ComboFix thing, still running slow, but here are the logs you asked for

ComboFix 08-04-24.1 - Daniel Andersen 2008-04-26 22:54:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.635 [GMT 2:00]
Running from: C:\Documents and Settings\Daniel Andersen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daniel Andersen\Skrivebord\WindowsXP-KB310994-SP2-Pro-BootDisk-DAN.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 22:40 . 2008-04-26 22:40 <DIR> d-------- C:\Programmer\Trend Micro
2008-04-26 21:03 . 2008-04-26 22:14 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-26 19:55 . 2008-04-26 19:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 19:55 . 2008-04-26 19:55 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-26 19:54 . 2008-04-26 19:54 <DIR> d-------- C:\Programmer\AVG
2008-04-26 19:54 . 2008-04-26 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-26 19:54 . 2008-04-26 19:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 19:09 . 2008-04-26 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-26 16:34 . 2008-04-26 16:34 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-26 16:33 . 2008-04-26 23:09 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-04-26 16:33 . 2008-04-12 12:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Foretrukne
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenter
2008-04-26 16:33 . 2008-04-12 13:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2008-04-26 16:33 . 2008-04-26 19:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-26 16:33 . 2008-04-26 22:53 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-26 16:30 . 2008-04-26 17:11 <DIR> d-------- C:\SDFix
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Programmer\PCPitstop
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-04-26 13:50 . 2008-04-26 13:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 13:50 . 2008-04-26 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 13:19 . 2008-04-26 13:19 <DIR> d-------- C:\Programmer\Apple Software Update
2008-04-26 12:05 . 2008-04-26 12:05 <DIR> d-------- C:\Programmer\Safer Networking
2008-04-23 19:05 . 2008-04-23 19:05 <DIR> d-------- C:\Programmer\WIDCOMM
2008-04-23 16:52 . 2008-04-23 16:52 <DIR> d-------- C:\WINDOWS\Sun
2008-04-23 16:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-23 16:49 . 2008-04-23 16:51 <DIR> d-------- C:\Programmer\Java
2008-04-23 16:49 . <DIR> C:\Programmer\Fælles filer\Java
2008-04-23 00:04 . 2008-04-23 00:04 <DIR> d-------- C:\Programmer\Microsoft ActiveSync
2008-04-23 00:02 . 2008-04-23 00:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-23 00:02 . 2008-04-23 00:02 <DIR> d-------- C:\Programmer\Microsoft.NET
2008-04-21 09:57 . 2008-04-21 09:57 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-04-21 09:57 . 2008-04-21 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 09:51 . 2008-04-21 09:51 <DIR> d-------- C:\Programmer\CCleaner
2008-04-20 19:48 . 2008-04-20 19:48 <DIR> d-------- C:\Documents and Settings\Daniel Andersen\Application Data\vlc
2008-04-20 19:46 . 2008-04-20 19:46 <DIR> d-------- C:\Programmer\VideoLAN
2008-04-20 19:42 . 2007-01-13 09:49 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-18 12:10 . 2005-10-31 18:17 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-18 12:07 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-04-16 10:08 . 2008-04-16 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-16 10:02 . <DIR> C:\Programmer\Fælles filer\Control Panels
2008-04-16 10:00 . 2008-04-16 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-16 09:39 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-16 09:39 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-16 09:25 . <DIR> C:\Programmer\Fælles filer\Macrovision Shared
2008-04-16 09:22 . <DIR> C:\Programmer\Fælles filer\Adobe
2008-04-15 22:14 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-15 21:31 . 2008-04-15 21:31 <DIR> d-------- C:\Programmer\BestGameEver
2008-04-15 21:15 . 2008-04-15 21:15 <DIR> d-------- C:\Programmer\DAEMON Tools Lite
2008-04-15 20:17 . 2008-04-15 20:17 <DIR> d-------- C:\Documents and Settings\Daniel Andersen\Application Data\DAEMON Tools
2008-04-15 20:17 . 2008-04-15 20:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 18:33 . 2008-04-15 18:33 <DIR> d-------- C:\Programmer\MSXML 4.0
2008-04-15 18:25 . 2008-04-16 09:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-15 15:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-15 15:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-15 15:54 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-14 15:53 . 2008-04-14 17:43 <DIR> d-------- C:\Documents and Settings\Daniel Andersen\Contacts
2008-04-14 15:06 . 2008-04-14 15:51 <DIR> d-------- C:\Programmer\Windows Live
2008-04-14 15:06 . <DIR> C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-04-14 15:06 . 2008-04-14 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-14 10:21 . 2007-06-26 08:10 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-04-14 08:04 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-14 08:01 . 2007-07-06 14:50 660,992 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-04-14 08:01 . 2007-07-06 14:50 478,208 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-04-14 08:01 . 2007-07-06 14:50 177,152 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-04-14 08:01 . 2007-07-06 14:50 138,240 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
2008-04-14 08:01 . 2007-07-06 14:50 95,744 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-04-14 08:01 . 2007-07-06 12:05 72,960 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
2008-04-14 08:01 . 2007-07-06 14:50 48,640 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-04-14 08:01 . 2007-07-06 14:50 47,104 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-04-14 08:01 . 2007-07-06 14:50 16,896 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
2008-04-14 07:59 . 2008-02-20 07:37 148,992 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-04-14 07:59 . 2006-06-26 19:45 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-04-13 20:46 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-13 18:31 . 2007-04-16 17:54 1,000,960 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-04-13 18:31 . 2006-08-17 14:29 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-04-13 18:31 . 2006-08-17 14:29 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-04-13 13:32 . 2008-04-16 10:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-13 12:44 . 2008-04-13 12:44 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-13 12:44 . 2008-04-13 12:44 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-13 00:56 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 00:55 . 2004-08-27 02:53 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-13 00:55 . 2004-08-27 02:53 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-04-13 00:55 . 2004-08-04 08:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 00:55 . 2004-08-04 08:07 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-04-13 00:55 . 2004-08-04 07:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 00:55 . 2004-08-04 07:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2008-04-13 00:55 . 2004-08-04 07:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 00:55 . 2004-08-04 07:58 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2008-04-13 00:55 . 2004-08-27 02:53 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-04-13 00:55 . 2004-08-27 02:53 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-04-13 00:47 . 2008-04-13 00:47 <DIR> d-------- C:\Documents and Settings\Daniel Andersen\Application Data\Apple Computer
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\Programmer\QuickTime
2008-04-13 00:46 . 2008-04-13 00:47 <DIR> d-------- C:\Programmer\iTunes
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\Programmer\iPod
2008-04-13 00:46 . 2008-04-26 19:36 <DIR> d-------- C:\Programmer\Bonjour
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-13 00:45 . <DIR> C:\Programmer\Fælles filer\Apple
2008-04-13 00:45 . 2008-04-13 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-13 00:44 . 2008-04-18 12:07 <DIR> d-------- C:\Programmer\Realtek
2008-04-13 00:44 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-13 00:42 . 2008-04-13 00:42 <DIR> d-------- C:\Documents and Settings\LocalService\Menuen Start
2008-04-13 00:42 . 2008-04-13 00:42 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-12 15:11 . 2008-04-12 15:11 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-12 15:11 . 2008-04-12 15:11 <DIR> d-------- C:\WINDOWS\peernet
2008-04-12 15:09 . 2008-04-12 15:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-12 15:05 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-12 15:03 . 2008-04-12 15:11 <DIR> d-------- C:\WINDOWS\EHome
2008-04-12 15:00 . 2004-08-26 17:53 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-12 15:00 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-12 15:00 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-12 13:57 . 2008-04-12 13:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-12 13:56 . 2004-08-27 02:53 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-12 13:56 . 2004-08-27 02:53 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-12 13:56 . 2004-08-27 02:53 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-04-12 13:56 . 2004-08-27 02:53 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-04-12 13:54 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-12 13:54 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-12 13:54 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-12 13:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-12 13:54 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-12 13:54 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 19:02 --------- d-----w C:\Documents and Settings\Daniel Andersen\Application Data\BitTorrent
2008-04-20 20:55 --------- d-----w C:\Documents and Settings\Daniel Andersen\Application Data\DNA
2008-04-12 12:18 --------- d-----w C:\Programmer\DNA
2008-04-12 12:18 --------- d-----w C:\Programmer\BitTorrent
2008-04-12 10:58 --------- d-----w C:\Programmer\microsoft frontpage
2008-04-12 10:57 --------- d-----w C:\Programmer\Onlinetjenester
2008-04-12 10:55 --------- d-----w C:\Programmer\Fælles filer\Tjenester
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"DAEMON Tools Lite"="C:\Programmer\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:38 458752]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17 102491]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16 692315]
"ACU"="C:\Programmer\Atheros\ACU.exe" [2005-01-31 08:05 253952]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 11:27 15600128 C:\WINDOWS\RTHDCPL.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PC Pitstop Optimize2 Reminder"="C:\Programmer\PCPitstop\Optimize2\Reminder.exe" [2008-01-31 13:54 145648]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-27 02:53 158720]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 19:54 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 19:54]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\System32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 19:54]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 osaio;osaio;C:\WINDOWS\System32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\System32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-27 02:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 21:17:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
*****************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 23:10:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
.
*******************
.
Completion time: 2008-04-26 23:24:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 21:23:30

Pre-Run: 69,572,673,536 byte ledig
Post-Run: 69,480,452,096 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

259 --- E O F --- 2008-04-23 21:57:10



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:48, on 26-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Atheros\ACU.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\AVG\AVG8\avgrsx.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] C:\Programmer\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize2 Reminder] C:\Programmer\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1208001243842
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Adobe Version Cue CS3 - Adobe System