
CPU keeps boosting to 100% after about 5 min


  • This topic is locked
15 replies to this topic

#1 fauzool

fauzool

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:09 PM

Posted 17 January 2010 - 08:34 AM

I have 2 computers and they are both doing this, so I know it is not hardware. It will reach 100% and I will have to restart because it will freeze. I have attached the attach.txt file as well as the RootRepeal (ark.txt) log file.


DDS


DDS (Ver_09-12-01.01) - NTFSx86
Run by User 2 at 5:04:43.68 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1347 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\TechSmith\Camtasia Studio 6\CamRecorder.exe
C:\Program Files\TechSmith\Camtasia Studio 6\TSCHelp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft LifeCam\LifeEnC2.exe
C:\Documents and Settings\User 2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257905302924
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-22 296976]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-12-22 13360]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-12-22 69936]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-25 5120]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-10 19160]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-11-13 30560]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-10 236368]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2009-3-17 886056]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-22 92464]

=============== Created Last 30 ================

2010-01-17 13:02:06 0 d-----w- c:\program files\Trend Micro
2010-01-17 12:07:10 0 d-----w- c:\program files\TrendMicro
2010-01-17 11:31:22 0 d-----w- c:\docume~1\user2~1\applic~1\Sunbelt
2010-01-17 11:25:48 0 d-----w- c:\documents and settings\user 2\Tracing
2010-01-17 11:13:10 0 d-sh--w- c:\documents and settings\user 2\PrivacIE
2010-01-17 11:11:24 0 d-----w- c:\windows\A589DA2651BD475D8C32E19E34145842.TMP
2010-01-17 11:09:02 0 d-sh--w- c:\documents and settings\user 2\IETldCache
2010-01-17 11:08:52 0 d-----w- c:\docume~1\user2~1\applic~1\Intel
2010-01-17 11:08:51 0 d-----w- c:\docume~1\user2~1\applic~1\Windows Desktop Search
2010-01-17 11:08:51 0 d-----w- c:\docume~1\user2~1\applic~1\Wave Systems Corp
2010-01-17 10:37:02 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-17 06:12:03 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2010-01-17 06:11:36 0 d-----w- c:\program files\Microsoft LifeCam
2010-01-15 06:33:40 0 d-----w- c:\program files\WinUHA
2010-01-13 10:56:22 0 d-----w- C:\ccce52bad1b11f350ae2b6a1f2
2010-01-10 20:20:47 0 d-sha-r- C:\cmdcons
2010-01-10 20:18:32 98816 ----a-w- c:\windows\sed.exe
2010-01-10 20:18:32 77312 ----a-w- c:\windows\MBR.exe
2010-01-10 20:18:32 261632 ----a-w- c:\windows\PEV.exe
2010-01-10 20:18:32 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 09:22:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 09:22:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-10 09:22:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 09:22:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 10:13:09 0 d-----w- c:\program files\LimeWire
2010-01-04 04:36:12 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-04 04:36:03 0 d-----w- c:\windows\system32\QuickTime
2010-01-04 04:35:07 0 d-----w- c:\program files\common files\TechSmith Shared
2010-01-02 22:18:07 0 d-----w- c:\program files\Registry Defense
2009-12-30 04:11:06 0 d-----w- c:\program files\KingsIsle Entertainment
2009-12-30 02:38:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-30 02:30:55 0 d-----r- c:\program files\Skype
2009-12-24 12:53:35 0 d-----w- c:\windows\.jagex_cache_32
2009-12-24 02:22:56 0 d-----w- c:\program files\Perfect World Entertainment
2009-12-23 04:42:57 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-12-23 04:29:37 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-23 04:29:37 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-23 04:28:27 0 d-----w- c:\program files\Kaspersky Lab
2009-12-23 04:28:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-12-23 03:20:54 0 d-----w- c:\program files\Solveig Multimedia
2009-12-23 02:02:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-12-23 01:54:26 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-12-23 01:54:26 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-12-23 01:36:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-12-23 01:36:43 0 d-----w- c:\program files\Sunbelt Software
2009-12-22 22:45:04 0 d-----w- c:\program files\common files\Intel
2009-12-22 11:09:26 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2009-12-22 11:09:23 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-12-22 11:09:20 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-12-22 11:09:18 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-12-22 11:09:15 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-12-22 11:09:09 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-12-22 11:09:07 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-12-22 11:09:06 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2009-12-22 11:09:03 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-22 11:09:02 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-12-22 11:09:00 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-12-22 11:07:58 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2009-12-22 11:06:59 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2009-12-22 11:05:58 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-22 11:04:59 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2009-12-22 11:03:58 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2009-12-22 11:02:58 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-12-22 11:01:59 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2009-12-22 11:00:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2009-12-22 10:59:59 17279 -c--a-w- c:\windows\system32\dllcache\atv10nt5.dll
2009-12-22 10:58:59 829440 -c--a-w- c:\windows\system32\dllcache\inetmgr.dll
2009-12-22 10:56:26 0 d-----w- C:\$WINDOWS.~BT
2009-12-22 10:56:11 1908 ----a-w- c:\windows\diagwrn.xml
2009-12-22 10:56:11 1908 ----a-w- c:\windows\diagerr.xml

==================== Find3M ====================

2010-01-17 12:19:31 56381 ----a-w- c:\windows\system32\nvModes.dat
2009-12-23 04:49:55 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-28 00:44:21 17196 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 5:05:34.84 ===============

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:09 AM

Posted 23 January 2010 - 10:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
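As an added example, not code from this thread, from OTL's author or from BleepingComputer, here is a small Python parser for the SRV and DRV lines of the OTL report requested above (the report itself is pasted further down the thread). It turns each line into a structured record and flags the entries a helper would look at first: a blank vendor string, or an image that runs from outside %SystemRoot% and Program Files. The sample lines are copied from the log in this thread; the `Record` fields, the `TRUSTED_ROOTS` list and the flagging rules are the example's own choices, and a flag means "inspect this entry", not "this is malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: SRV/DRV/PRC lines in the layout OTL prints, copied from
# the log posted in this thread. The PRC line has no [start | status] bracket and is
# skipped by the parser, which only understands service and driver records.
SAMPLE_OTL = r"""
SRV - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/11/08 19:50:10 | 01,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
DRV - [2009/12/22 20:49:55 | 00,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
PRC - [2010/01/24 21:55:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 2\Desktop\OTL.exe
"""

# One OTL service/driver line:
#   KIND - [date time | size | attrs | M] (vendor) [type? | start | status] -- path -- (name) trailer?
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S+)\] "
    r"\((?P<vendor>[^)]*)\) \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)"
)

# Example's own choice of "expected" image locations (case-insensitive prefix match).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Record:
    kind: str                   # "SRV" (Win32 service) or "DRV" (kernel/file-system driver)
    modified: str               # file modification timestamp as OTL prints it
    size: int                   # file size in bytes (OTL prints it zero-padded with commas)
    vendor: str                 # company name from the version resource, "" if absent
    driver_type: Optional[str]  # "Kernel" / "File_System" for DRV lines, None for SRV
    start_type: str             # "Boot", "System", "Auto", "On_Demand", "Disabled"
    status: str                 # "Running" or "Stopped"
    path: str
    name: str                   # service/driver registry name


def parse_otl(text: str) -> List[Record]:
    """Parse SRV/DRV lines into Records; lines from other sections are ignored."""
    records: List[Record] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = [p.strip() for p in m["state"].split("|")]
        driver_type = parts[0] if len(parts) == 3 else None
        records.append(Record(
            kind=m["kind"],
            modified=f"{m['date']} {m['time']}",
            size=int(m["size"].replace(",", "")),
            vendor=m["vendor"].strip(),
            driver_type=driver_type,
            start_type=parts[-2],
            status=parts[-1],
            path=m["path"],
            name=m["name"],
        ))
    return records


def review(records: List[Record]) -> Dict[str, List[str]]:
    """Return {name: [reasons]} for entries worth a closer look. A reason is a
    triage prompt only; a legitimate binary can also lack a version resource."""
    findings: Dict[str, List[str]] = {}
    for rec in records:
        reasons: List[str] = []
        if not rec.vendor:
            reasons.append("no company name in the file's version resource")
        if not rec.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("image runs from outside %SystemRoot% or Program Files")
        # Only escalate entries that already raised a reason and are live at boot/logon.
        if reasons and rec.status == "Running" and rec.start_type in ("Boot", "System", "Auto"):
            reasons.append(f"starts automatically ({rec.start_type}) and is currently running")
        if reasons:
            findings[rec.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(parse_otl(SAMPLE_OTL)).items():
        print(f"{name}: " + "; ".join(reasons))
```

On the sample above only `tcsd_win32.exe` is flagged (blank vendor, auto-start, running); the Intel, Kaspersky and SUPERAntiSpyware entries pass both checks. The same parser can be pointed at a complete OTL.txt, and the heuristics in `review` are the place to add whatever a helper's own checklist contains.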

 



#3 fauzool

fauzool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:09 PM

Posted 25 January 2010 - 01:09 AM

I have pasted the requested files.

OTL

OTL logfile created on: 1/24/2010 9:57:09 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\User 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.56 Gb Total Space | 25.86 Gb Free Space | 34.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: User 2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/24 21:55:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 2\Desktop\OTL.exe
PRC - [2009/10/28 15:19:22 | 02,211,328 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009/07/24 15:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:54:58 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/05/21 13:23:04 | 00,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/09 06:23:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 09:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/11/08 19:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 14:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe


========== Modules (SafeList) ==========

MOD - [2010/01/24 21:55:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 2\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/17 20:53:23 | 01,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/28 15:19:22 | 02,211,328 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/24 15:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/05/25 05:26:40 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/05/21 14:28:38 | 00,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/05/21 13:54:58 | 00,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/05/21 13:23:04 | 00,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/05/21 13:04:14 | 00,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/15 15:10:07 | 00,886,056 | ---- | M] (Sunbelt Software) [Disabled | Stopped] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/06/09 06:23:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/02/22 09:40:20 | 00,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/11/08 19:50:10 | 01,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/28 13:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/13 11:31:44 | 00,192,512 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 14:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 14:39:18 | 00,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/11 06:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/12/19 11:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/22 20:49:55 | 00,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/12/22 20:49:55 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\windows\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/12/02 05:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/24 15:05:24 | 00,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/28 22:23:24 | 04,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/13 17:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/03/04 23:30:16 | 00,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/11/19 19:22:36 | 00,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/10/27 19:30:00 | 01,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/10/22 17:08:38 | 00,092,464 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/09/12 09:38:30 | 00,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/08/13 17:23:56 | 00,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/06/15 18:35:00 | 00,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/06/09 06:23:00 | 06,584,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 04:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 04:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/01 13:22:34 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/04/01 13:22:30 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2008/04/01 13:22:28 | 00,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/04/01 13:22:26 | 00,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/01 13:22:26 | 00,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2008/04/01 13:22:24 | 00,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/01 13:22:22 | 00,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/12/05 16:24:44 | 01,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 17:06:06 | 00,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/28 15:18:24 | 00,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/10 06:55:00 | 00,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 06:57:14 | 00,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 06:18:40 | 00,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/07/26 00:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/23 12:05:20 | 00,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 00,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 00,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 00,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 00,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 00,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 00,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 00,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 11:49:44 | 00,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 00,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 11:43:42 | 00,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/03/30 20:34:14 | 05,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/12 22:26:06 | 00,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 05:00:42 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/12/19 11:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 09:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2005/12/01 00:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/12 13:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\windows\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/17 18:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\S-1-5-21-2007404497-3047427424-3881915341-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 00:38:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 16:19:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/12/22 20:29:05 | 00,000,000 | ---D | M]

[2010/01/21 00:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User 2\Application Data\Mozilla\Extensions
[2010/01/21 00:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User 2\Application Data\Mozilla\Firefox\Profiles\i83yiaux.default\extensions
[2010/01/24 00:31:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/22 20:29:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/01/17 06:36:56 | 00,372,744 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2007404497-3047427424-3881915341-1007\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1257905302924 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 13:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/25 13:28:57 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "avg8wd"
MsConfig - Services: "avg8emc"
MsConfig - Services: "AVP"
MsConfig - Services: "YahooAUService"
MsConfig - Services: "xmlprov"
MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "WaveEnrollmentService"
MsConfig - Services: "Wave UCSPlus"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TOSHIBA Bluetooth Service"
MsConfig - Services: "srservice"
MsConfig - Services: "SENS"
MsConfig - Services: "SeaPort"
MsConfig - Services: "SBAMSvc"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "ProtectedStorage"
MsConfig - Services: "PolicyAgent"
MsConfig - Services: "pgsql-8.3"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "MBAMService"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "HidServ"
MsConfig - Services: "helpsvc"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "Eventlog"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "ClipSrv"
MsConfig - Services: "CiSvc"
MsConfig - Services: "Browser"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "BITS"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "ASFIPmon"
MsConfig - Services: "AppMgmt"
MsConfig - Services: "ALG"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^GigaTribe.lnk - C:\Program Files\GigaTribe\gigatribe.exe - (Gigatribe SAS)
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL LLC)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: igndlm.exe - hkey= - key= - C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
MsConfig - StartUpReg: IntelWireless - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
MsConfig - StartUpReg: IntelZeroConfig - hkey= - key= - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KADxMain - hkey= - key= - File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SBAMTray - hkey= - key= - C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: WavXMgr - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe (Sunbelt Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe (Sunbelt Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/24 21:55:44 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User 2\Desktop\OTL.exe
[2010/01/24 21:50:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/23 14:49:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll
[2010/01/23 14:49:35 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll
[2010/01/23 14:49:34 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbscan.sys
[2010/01/22 01:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/22 01:10:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Adobe
[2010/01/22 00:34:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\WinRAR
[2010/01/22 00:33:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\My Documents\Downloads
[2010/01/21 00:38:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Mozilla
[2010/01/21 00:38:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Mozilla
[2010/01/20 23:14:49 | 00,025,216 | ---- | C] (The OpenVPN Project) -- C:\windows\System32\drivers\tap0901.sys
[2010/01/20 23:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\S.A.D
[2010/01/19 01:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Desktop\Video 1
[2010/01/17 22:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/17 22:48:36 | 00,000,000 | ---D | C] -- C:\windows\BDOSCAN8
[2010/01/17 21:23:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Malwarebytes
[2010/01/17 21:22:13 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys
[2010/01/17 21:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/17 21:04:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/17 21:00:22 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSSTDFMT.DLL
[2010/01/17 21:00:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/01/17 20:54:42 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2010/01/17 20:52:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/17 20:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\SUPERAntiSpyware.com
[2010/01/17 20:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/17 20:50:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/17 20:50:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/17 20:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/17 20:49:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/17 20:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Desktop\Ready
[2010/01/17 20:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\vlc
[2010/01/17 20:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\My Documents\Camtasia Studio
[2010/01/17 05:02:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/17 04:07:10 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/17 03:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Sunbelt
[2010/01/17 03:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Tracing
[2010/01/17 03:22:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Yahoo!
[2010/01/17 03:15:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Yahoo
[2010/01/17 03:13:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\User 2\PrivacIE
[2010/01/17 03:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Adobe
[2010/01/17 03:10:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\acccore
[2010/01/17 03:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\AOL
[2010/01/17 03:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\AIM
[2010/01/17 03:09:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\User 2\IETldCache
[2010/01/17 03:09:01 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\User 2\Cookies
[2010/01/17 03:08:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Intel
[2010/01/17 03:08:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\InstallShield
[2010/01/17 03:08:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Identities
[2010/01/17 03:08:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\CyberLink
[2010/01/17 03:08:51 | 00,000,000 | --SD | C] -- C:\Documents and Settings\User 2\Application Data\Microsoft
[2010/01/17 03:08:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User 2\Application Data
[2010/01/17 03:08:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\Favorites
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Windows Desktop Search
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Wave Systems Corp
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Sun
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\PowerDVD DX
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Microsoft
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Application Data\Macromedia
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Identities
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Desktop
[2010/01/17 03:08:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\ApplicationHistory
[2010/01/17 03:08:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User 2\SendTo
[2010/01/17 03:08:50 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User 2\Recent
[2010/01/17 03:08:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\Start Menu
[2010/01/17 03:08:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\My Documents\My Videos
[2010/01/17 03:08:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\My Documents\My Pictures
[2010/01/17 03:08:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\My Documents\My Music
[2010/01/17 03:08:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User 2\My Documents
[2010/01/17 03:08:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\User 2\Templates
[2010/01/17 03:08:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\User 2\PrintHood
[2010/01/17 03:08:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\User 2\NetHood
[2010/01/17 03:08:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\User 2\Local Settings
[2010/01/17 03:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Wave Systems Corp
[2010/01/17 03:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\Local Settings\Application Data\Toshiba
[2010/01/17 03:08:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User 2\My Documents\Bluetooth
[2010/01/17 00:22:55 | 00,000,000 | -HSD | C] -- C:\windows\CSC
[2010/01/16 22:12:03 | 00,676,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\LCCoin30.dll
[2010/01/16 22:11:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2010/01/15 02:59:28 | 00,000,000 | ---D | C] -- C:\Program Files\GigaTribe
[2010/01/14 22:33:40 | 00,000,000 | ---D | C] -- C:\Program Files\WinUHA
[2010/01/14 04:59:28 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/13 02:56:22 | 00,000,000 | ---D | C] -- C:\ccce52bad1b11f350ae2b6a1f2
[2010/01/11 17:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/01/10 12:20:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/10 12:18:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/01/10 12:18:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/01/10 12:18:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/01/10 12:18:32 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/01/10 12:18:16 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/01/10 12:17:19 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/10 01:22:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/01/10 01:22:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/10 01:22:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/01/10 01:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/08 02:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/01/03 20:36:12 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\windows\System32\tsccvid.dll
[2010/01/03 20:36:03 | 00,000,000 | ---D | C] -- C:\windows\System32\QuickTime
[2010/01/03 20:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/01/03 20:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/01/02 14:18:07 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Defense
[2009/12/29 20:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\KingsIsle Entertainment
[2009/12/29 18:30:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/29 18:30:55 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/12/29 18:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/11/22 16:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/22 16:42:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/22 16:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/22 16:42:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/13 13:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/10/28 08:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/10/28 08:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/24 21:55:49 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User 2\Desktop\OTL.exe
[2010/01/24 21:52:28 | 00,189,662 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2010/01/24 21:52:28 | 00,056,288 | ---- | M] () -- C:\windows\System32\nvModes.001
[2010/01/24 21:52:25 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/01/24 21:50:40 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/01/24 21:50:38 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/01/24 21:50:31 | 21,455,09376 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/24 02:36:19 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\User 2\NTUSER.DAT
[2010/01/22 17:03:39 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/22 17:03:39 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/22 17:03:39 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/22 17:03:39 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/22 17:03:39 | 00,000,472 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 00:33:39 | 04,652,351 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\Modern+Warfare+2+Patch+1.0.175(New.rar
[2010/01/21 22:43:27 | 00,000,274 | ---- | M] () -- C:\windows\tasks\Microsoft_Hardware_Launch_IcePick_exe.job
[2010/01/20 23:15:27 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberGhost VPN.lnk
[2010/01/20 23:03:22 | 00,010,022 | -HS- | M] () -- C:\windows\System32\KGyGaAvL.sys
[2010/01/19 01:34:39 | 00,005,120 | ---- | M] () -- C:\Documents and Settings\User 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 03:09:44 | 00,000,477 | ---- | M] () -- C:\windows\win.ini
[2010/01/18 03:09:44 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/18 03:09:44 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/01/17 22:37:07 | 18,771,08228 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\capture-1.camrec
[2010/01/17 21:00:29 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\SpywareBlaster.lnk
[2010/01/17 20:52:38 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/17 20:49:56 | 00,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/17 20:17:59 | 00,056,288 | ---- | M] () -- C:\windows\System32\nvModes.dat
[2010/01/17 06:36:56 | 00,372,744 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/01/17 05:41:33 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\2cq5ymd7.exe
[2010/01/17 05:16:50 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\User 2\Desktop\settings.dat
[2010/01/17 03:59:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User 2\ntuser.ini
[2010/01/15 13:10:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/01/13 03:45:11 | 00,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2010/01/10 18:01:30 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20100117-063656.backup
[2010/01/07 22:40:51 | 00,001,324 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/12/29 18:38:02 | 00,000,056 | -H-- | M] () -- C:\windows\System32\ezsidmv.dat
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/22 19:35:48 | 00,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2010/01/22 00:33:13 | 04,652,351 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\Modern+Warfare+2+Patch+1.0.175(New.rar
[2010/01/20 23:15:27 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberGhost VPN.lnk
[2010/01/18 04:53:04 | 00,000,274 | ---- | C] () -- C:\windows\tasks\Microsoft_Hardware_Launch_IcePick_exe.job
[2010/01/18 03:13:55 | 21,455,09376 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/17 21:00:29 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\SpywareBlaster.lnk
[2010/01/17 20:55:15 | 00,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/17 20:55:14 | 00,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/17 20:55:13 | 00,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/17 20:55:12 | 00,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/17 20:55:10 | 00,000,472 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/17 20:52:38 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/17 20:49:56 | 00,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/17 05:48:35 | 18,771,08228 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\capture-1.camrec
[2010/01/17 05:48:19 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\User 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/17 05:41:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\2cq5ymd7.exe
[2010/01/17 05:14:25 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\User 2\Desktop\settings.dat
[2010/01/17 03:08:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\User 2\Local Settings\Application Data\WavXMapDrive.bat
[2010/01/17 03:08:50 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\User 2\ntuser.ini
[2010/01/17 03:08:49 | 05,767,168 | -H-- | C] () -- C:\Documents and Settings\User 2\NTUSER.DAT
[2010/01/17 02:37:02 | 00,010,022 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2010/01/10 12:20:59 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/10 12:20:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/10 12:18:32 | 00,261,632 | ---- | C] () -- C:\windows\PEV.exe
[2010/01/10 12:18:32 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/01/10 12:18:32 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/01/10 12:18:32 | 00,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/01/10 12:18:32 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2009/12/29 18:38:02 | 00,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2009/12/10 23:01:53 | 00,941,784 | ---- | C] () -- C:\windows\System32\drivers\CAMTHWDM.sys
[2009/12/06 17:03:09 | 00,004,873 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vsrenaae.pyv
[2009/11/23 21:00:18 | 00,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/11/21 14:30:00 | 00,001,082 | ---- | C] () -- C:\windows\Poker-Spy.INI
[2009/11/15 15:34:44 | 00,815,104 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/11/15 15:34:43 | 00,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/11/14 11:48:49 | 00,153,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/05 13:30:13 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2009/08/05 13:30:13 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2009/08/05 13:30:12 | 01,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2009/08/05 13:30:12 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2009/08/04 15:39:03 | 00,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4814.dll
[2009/03/10 08:36:45 | 00,910,304 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2009/03/10 08:36:45 | 00,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4831.dll
[2009/03/10 08:35:58 | 00,001,155 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2009/03/10 07:19:20 | 00,000,000 | ---- | C] () -- C:\windows\tosOBEX.INI
[2009/03/10 07:19:13 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2009/03/10 07:07:03 | 00,000,234 | ---- | C] () -- C:\windows\wininit.ini
[2009/03/10 06:59:43 | 00,080,368 | ---- | C] () -- C:\windows\System32\pbadrvdll.dll
[2009/03/10 06:57:08 | 00,143,360 | ---- | C] () -- C:\windows\System32\bioapi_mds300.dll
[2009/03/10 06:57:08 | 00,106,496 | ---- | C] () -- C:\windows\System32\bioapi100.dll
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\windows\bdoscandellang.ini
[2008/04/25 13:26:32 | 00,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2007/12/21 13:46:32 | 00,118,784 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2007/09/13 11:42:30 | 00,499,712 | ---- | C] () -- C:\windows\System32\AmRes_ru.dll
[2007/09/13 11:42:30 | 00,471,040 | ---- | C] () -- C:\windows\System32\AmRes_pt-BR.dll
[2007/09/13 11:42:28 | 00,487,424 | ---- | C] () -- C:\windows\System32\AmRes_it.dll
[2007/09/13 11:42:28 | 00,487,424 | ---- | C] () -- C:\windows\System32\AmRes_fr.dll
[2007/09/13 11:42:28 | 00,462,848 | ---- | C] () -- C:\windows\System32\AmRes_ko.dll
[2007/09/13 11:42:28 | 00,458,752 | ---- | C] () -- C:\windows\System32\AmRes_ja.dll
[2007/09/13 11:42:26 | 00,487,424 | ---- | C] () -- C:\windows\System32\AmRes_es.dll
[2007/09/13 11:42:26 | 00,487,424 | ---- | C] () -- C:\windows\System32\AmRes_de.dll
[2007/09/13 11:42:26 | 00,466,944 | ---- | C] () -- C:\windows\System32\AmRes_en.dll
[2007/09/13 11:42:26 | 00,434,176 | ---- | C] () -- C:\windows\System32\AmRes_zh-CHT.dll
[2007/09/13 11:36:24 | 00,438,272 | ---- | C] () -- C:\windows\System32\AmRes_zh-CHS.dll
[2007/09/12 12:05:08 | 00,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_pt.dll
[2007/09/12 12:04:46 | 00,086,016 | ---- | C] () -- C:\windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 12:04:26 | 00,090,112 | ---- | C] () -- C:\windows\System32\Internationalization_ko.dll
[2007/09/12 12:04:06 | 00,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_es.dll
[2007/09/12 12:03:44 | 00,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_ru.dll
[2007/09/12 12:03:24 | 00,090,112 | ---- | C] () -- C:\windows\System32\Internationalization_ja.dll
[2007/09/12 12:03:04 | 00,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_it.dll
[2007/09/12 12:02:44 | 00,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_de.dll
[2007/09/12 12:02:22 | 00,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_fr.dll
[2007/09/12 12:02:02 | 00,086,016 | ---- | C] () -- C:\windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 06:53:26 | 00,262,144 | ---- | C] () -- C:\windows\System32\wxvault.dll
[2007/06/15 07:19:20 | 00,835,584 | ---- | C] () -- C:\windows\System32\DemoLicense.dll
[2006/08/14 08:02:10 | 00,072,192 | ---- | C] () -- C:\windows\System32\xltZlib.dll
[2006/06/12 05:01:16 | 00,348,160 | ---- | C] () -- C:\windows\tsp.dll
[2005/07/22 18:30:18 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2004/09/10 10:34:00 | 00,917,504 | ---- | C] () -- C:\windows\System32\lmgr10.dll
[2004/09/10 10:34:00 | 00,057,344 | ---- | C] () -- C:\windows\System32\ADsSecurity.dll
[2004/09/01 07:49:17 | 03,375,104 | ---- | C] () -- C:\windows\System32\qt-mt331.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 04:00:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/04/14 04:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 04:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 04:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 04:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/14 04:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Extras

OTL Extras logfile created on: 1/24/2010 9:57:09 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\User 2\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.56 Gb Total Space | 25.86 Gb Free Space | 34.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: User 2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2007404497-3047427424-3881915341-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NewsBin\nbpro.exe" = C:\Program Files\NewsBin\nbpro.exe:*:Enabled:NewsBin Pro -- (CMCEI)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe:*:Enabled:Kaspersky Internet Security 2010 Setup -- (Kaspersky Lab)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\GigaTribe\gigatribe.exe" = C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe -- (Gigatribe SAS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}" = MassArticleCreator
"{1D3573E4-B407-47C2-ACA5-6880048BF1EE}" = CounterSpy
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EC5CFE0-20F2-4A6D-8BBA-EB6F7F064ADC}" = DANCE!ONLINE
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{893D8F2B-C140-4690-B032-75FFB0546AA2}}_is1" = 1.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{93A9F9C7-7616-4797-9266-70F54CADB0F6}" = Poker-Spy
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Alt.Binz" = Alt.Binz 0.25.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CyberGhost VPN_is1" = CyberGhost VPN
"Download Manager" = Download Manager 2.3.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"LimeWire" = LimeWire PRO 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NewsBin5" = NewsBin Pro
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"RegistryDefense" = RegistryDefense
"SENuke_is1" = SENuke
"ShalSoft.GigaTribe_is1" = GigaTribe 3.0.020
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 5:50:53 AM | Computer Name = OWNER | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 1/17/2010 6:04:10 AM | Computer Name = OWNER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/17/2010 8:11:06 AM | Computer Name = OWNER | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 1/17/2010 8:11:06 AM | Computer Name = OWNER | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 1/17/2010 8:11:06 AM | Computer Name = OWNER | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 1/17/2010 8:24:16 AM | Computer Name = OWNER | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 1/17/2010 8:38:17 AM | Computer Name = OWNER | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 1/18/2010 12:50:35 AM | Computer Name = OWNER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/18/2010 2:46:07 AM | Computer Name = OWNER | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 1/18/2010 6:25:04 AM | Computer Name = OWNER | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

[ System Events ]
Error - 1/18/2010 6:43:09 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7034
Description = The TdmService service terminated unexpectedly. It has done this
1 time(s).

Error - 1/18/2010 6:43:12 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless SSO Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/18/2010 6:43:17 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 1/18/2010 6:46:31 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 1/18/2010 6:52:40 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
3 time(s).

Error - 1/18/2010 6:52:40 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 3 time(s).

Error - 1/18/2010 7:02:33 AM | Computer Name = OWNER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/18/2010 7:03:06 AM | Computer Name = OWNER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/18/2010 7:03:43 AM | Computer Name = OWNER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV Fips intelppm kl1 klbg KLIF pavboot SASDIFSV SASKUTIL sbaphd Tosrfcom

Error - 1/18/2010 7:10:17 AM | Computer Name = OWNER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:04:09 AM

Posted 25 January 2010 - 08:17 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

If you still have the log please provide it in your next reply.

Please also run a scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 fauzool

fauzool
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:09 PM

Posted 26 January 2010 - 03:00 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 21:23:42
Windows 5.1.2600 Service Pack 3
Running: 2cq5ymd7.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB51DF36E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB51DFA86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB51E060C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB51E0B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB51DFD78]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA6584D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB51E0A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB51DDD0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB51E08D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB51DF102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB51E0C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB51E240E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB51DF886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB51E0976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB51DEA20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB51DECF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB51E021C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB51E2980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB51DEE3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB51DEEE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB51E0016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB51E1EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB51DE43C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB51DE44E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB51DF030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB51E0BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB51DFB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB51DE604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB51E0AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB51DF56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB51E2438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB51E0D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB51DF492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB51DEF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB51DEBB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB51DE8BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB51E2128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB51DEB34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB51DE0C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB51E109E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB51E0F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB51E1C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB51DE224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB51E2860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB51DDEC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB51E0312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB51DF984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB51E15F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB51E1FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB51E24C2]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA658520]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB51E25A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB51E26D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB51E1DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB51DF6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB51DF63C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB51DF7C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B51D4424 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B51D47DE \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C8C 80504528 16 Bytes [02, F1, 1D, B5, 72, 0C, 1E, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CC0 8050455C 4 Bytes JMP 4966B51D
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [A6, 1E, 1E, B5, 3C, E4, 1D, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E88 80504724 4 Bytes CALL 0C88FC46
.text ntkrnlpa.exe!ZwCallbackReturn + 2EC4 80504760 16 Bytes [34, EB, 1D, B5, C2, E0, 1D, ...]
.text ...
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB88B9380, 0x37DE8D, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B98D4820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B98D4820] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:04:09 AM

Posted 26 January 2010 - 11:47 AM

Hi,

your log looks clean. Are you still having the problem? Could you please check in Task Manager which task uses the most CPU?

What about the ComboFix log, do you still have it?

regards myrti



#7 fauzool

fauzool
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:09 PM

Posted 26 January 2010 - 05:42 PM

Yes, I'm still having the problem; svchost is using the most.

#8 fauzool

fauzool
  • Topic Starter

  • Members
  • 14 posts
  • Local time:10:09 PM

Posted 26 January 2010 - 10:43 PM

ComboFix log

ComboFix 10-01-26.02 - User 2 01/26/2010 15:17:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1617 [GMT -8:00]
Running from: c:\documents and settings\User 2\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-25 19:38 . 2009-08-11 03:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-25 19:36 . 2009-05-14 00:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-23 22:49 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-23 22:49 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-23 22:49 . 2008-04-14 08:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-23 22:49 . 2008-04-14 08:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-23 03:35 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-22 09:19 . 2010-01-23 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-22 09:10 . 2010-01-22 09:11 -------- d-----w- c:\documents and settings\User 2\Local Settings\Application Data\Adobe
2010-01-21 08:38 . 2010-01-21 08:38 -------- d-----w- c:\documents and settings\User 2\Local Settings\Application Data\Mozilla
2010-01-21 07:14 . 2008-11-20 03:22 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-01-21 07:14 . 2010-01-21 07:14 -------- d-----w- c:\program files\S.A.D
2010-01-18 11:03 . 2010-01-18 11:03 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-01-18 06:58 . 2010-01-18 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-01-18 06:48 . 2010-01-18 07:17 -------- d-----w- c:\windows\BDOSCAN8
2010-01-18 05:23 . 2010-01-18 05:23 -------- d-----w- c:\documents and settings\User 2\Application Data\Malwarebytes
2010-01-18 05:22 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-18 05:13 . 2010-01-18 05:13 -------- d-----w- c:\program files\Panda Security
2010-01-18 05:04 . 2010-01-25 08:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-18 05:00 . 2005-08-26 03:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-01-18 05:00 . 2010-01-18 05:06 -------- d-----w- c:\program files\SpywareBlaster
2010-01-18 04:54 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 04:52 . 2010-01-18 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-18 04:52 . 2010-01-18 04:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-18 04:52 . 2010-01-18 04:52 -------- d-----w- c:\documents and settings\User 2\Application Data\SUPERAntiSpyware.com
2010-01-18 04:50 . 2010-01-18 04:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 04:50 . 2010-01-18 04:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 04:49 . 2010-01-18 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-18 04:49 . 2010-01-18 04:49 -------- d-----w- c:\program files\Lavasoft
2010-01-18 04:21 . 2010-01-19 09:46 -------- d-----w- c:\documents and settings\User 2\Application Data\vlc
2010-01-17 14:30 . 2010-01-17 14:30 -------- d-sh--w- c:\documents and settings\postgres\IETldCache
2010-01-17 13:02 . 2010-01-17 13:02 -------- d-----w- c:\program files\Trend Micro
2010-01-17 12:07 . 2010-01-17 12:07 -------- d-----w- c:\program files\TrendMicro
2010-01-17 11:31 . 2010-01-17 11:31 -------- d-----w- c:\documents and settings\User 2\Application Data\Sunbelt
2010-01-17 11:25 . 2010-01-26 23:09 -------- d-----w- c:\documents and settings\User 2\Tracing
2010-01-17 11:22 . 2010-01-17 11:23 -------- d-----w- c:\documents and settings\User 2\Application Data\Yahoo!
2010-01-17 11:15 . 2010-01-17 11:15 -------- d-----w- c:\documents and settings\User 2\Local Settings\Application Data\Yahoo
2010-01-17 11:13 . 2010-01-17 11:13 -------- d-sh--w- c:\documents and settings\User 2\PrivacIE
2010-01-17 11:10 . 2010-01-17 11:10 -------- d-----w- c:\documents and settings\User 2\Application Data\acccore
2010-01-17 11:10 . 2010-01-17 11:11 -------- d-----w- c:\documents and settings\User 2\Local Settings\Application Data\AIM
2010-01-17 11:10 . 2010-01-17 11:10 -------- d-----w- c:\documents and settings\User 2\Local Settings\Application Data\AOL
2010-01-17 10:03 . 2010-01-17 10:03 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-17 08:24 . 2010-01-17 08:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2010-01-17 08:24 . 2010-01-17 08:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
2010-01-17 08:24 . 2010-01-17 08:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2010-01-17 08:24 . 2010-01-17 08:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-17 06:12 . 2009-07-24 23:05 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2010-01-17 06:11 . 2010-01-17 06:11 -------- d-----w- c:\program files\Microsoft LifeCam
2010-01-15 10:59 . 2010-01-15 10:59 -------- d-----w- c:\program files\GigaTribe
2010-01-15 06:33 . 2010-01-15 06:33 -------- d-----w- c:\program files\WinUHA
2010-01-13 10:56 . 2010-01-14 13:27 -------- d-----w- C:\ccce52bad1b11f350ae2b6a1f2
2010-01-12 01:58 . 2010-01-12 01:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-10 09:22 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 09:22 . 2010-01-10 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 09:22 . 2010-01-10 09:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 09:22 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 10:13 . 2010-01-08 10:17 -------- d-----w- c:\program files\LimeWire
2010-01-05 01:02 . 2010-01-05 01:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-04 04:36 . 2009-08-19 13:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-04 04:36 . 2010-01-04 04:36 -------- d-----w- c:\windows\system32\QuickTime
2010-01-04 04:35 . 2010-01-04 04:35 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-01-04 04:35 . 2010-01-04 04:35 -------- d-----w- c:\program files\TechSmith
2010-01-02 22:18 . 2010-01-02 22:18 -------- d-----w- c:\program files\Registry Defense
2009-12-30 04:11 . 2009-12-30 04:11 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-12-30 02:38 . 2009-12-30 02:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-30 02:30 . 2009-12-30 02:30 -------- d-----w- c:\program files\Common Files\Skype
2009-12-30 02:30 . 2009-12-30 02:31 -------- d-----r- c:\program files\Skype
2009-12-30 02:30 . 2009-12-30 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 03:06 . 2009-12-23 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-24 06:17 . 2009-07-16 17:38 -------- d-----w- c:\program files\7-Zip
2010-01-24 06:16 . 2009-11-11 02:00 -------- d-----w- c:\program files\Yahoo!
2010-01-18 04:17 . 2009-08-06 00:48 56288 ----a-w- c:\windows\system32\nvModes.dat
2010-01-17 11:22 . 2009-11-11 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-17 08:20 . 2009-11-14 19:48 153304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-17 05:59 . 2009-07-16 17:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 10:42 . 2009-03-10 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 10:40 . 2009-11-21 04:48 -------- d-----w- c:\program files\OPB
2010-01-12 10:39 . 2009-07-16 17:44 -------- d-----w- c:\program files\Common Files\Apple
2010-01-08 06:40 . 2009-08-04 23:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-04 04:33 . 2009-11-11 19:19 -------- d-----w- c:\program files\DivX
2009-12-24 12:53 . 2009-12-24 12:53 39 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-12-24 02:22 . 2009-12-24 02:22 -------- d-----w- c:\program files\Perfect World Entertainment
2009-12-23 04:49 . 2009-05-24 23:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-23 04:49 . 2009-12-23 04:29 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-23 04:49 . 2009-12-23 04:29 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-23 04:42 . 2009-12-23 04:42 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-12-23 04:28 . 2009-12-23 04:28 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-23 03:29 . 2009-12-23 03:20 -------- d-----w- c:\program files\Solveig Multimedia
2009-12-23 02:02 . 2009-12-23 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-23 01:36 . 2009-12-23 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-12-23 01:36 . 2009-12-23 01:36 -------- d-----w- c:\program files\Sunbelt Software
2009-12-22 22:52 . 2009-03-10 15:12 -------- d-----w- c:\program files\Windows Live
2009-12-22 22:45 . 2009-12-22 22:45 -------- d-----w- c:\program files\Common Files\Intel
2009-12-22 22:45 . 2009-10-28 16:14 -------- d-----w- c:\program files\Intel
2009-12-15 07:13 . 2009-11-11 01:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-13 01:01 . 2009-12-13 01:01 -------- d-----w- c:\program files\VideoLAN
2009-12-11 03:54 . 2009-12-11 03:53 -------- d-----w- c:\program files\TinyDiggBot
2009-12-10 03:59 . 2009-11-29 10:29 -------- d-----w- c:\program files\DANCE!ONLINE
2009-12-07 18:27 . 2009-12-07 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-12-07 01:10 . 2009-12-07 00:38 -------- d-----w- c:\program files\SENuke
2009-12-06 04:46 . 2009-12-06 04:44 -------- d-----w- c:\program files\AltBinz
2009-12-06 04:23 . 2009-12-06 04:23 -------- d-----w- c:\program files\NewsBin
2009-12-05 11:43 . 2009-12-05 11:43 -------- d-----w- c:\program files\MassArticleCreator
2009-12-01 23:21 . 2009-11-21 03:52 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-28 00:44 . 2009-11-28 00:44 17196 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 00:34 . 2009-11-11 00:34 0 ----a-w- c:\windows\nsreg.dat
2009-10-29 07:45 . 2008-04-25 16:16 916480 ------w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-08 429392]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-01-05 685392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^GigaTribe.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\GigaTribe.lnk
backup=c:\windows\pss\GigaTribe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-10-01 20:20 3634024 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-01-25 09:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 17:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-31 03:00 162584 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-31 03:00 138008 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2009-05-21 21:06 1202448 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2009-05-21 21:49 1372160 ----a-w- c:\program files\Intel\WiFi\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 21:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 19:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-08 00:07 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 14:23 13537280 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-06-09 14:23 90112 ----a-w- c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 14:23 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-06-09 14:23 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-31 02:59 138008 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2010-01-05 01:22 685392 ----a-w- c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-06 00:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 12:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-05 15:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AVP"=2 (0x2)
"YahooAUService"=2 (0x2)
"xmlprov"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WaveEnrollmentService"=3 (0x3)
"Wave UCSPlus"=2 (0x2)
"TrkWks"=2 (0x2)
"TOSHIBA Bluetooth Service"=2 (0x2)
"srservice"=2 (0x2)
"SENS"=2 (0x2)
"SeaPort"=2 (0x2)
"SBAMSvc"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"pgsql-8.3"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MBAMService"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"ASFIPmon"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NewsBin\\nbpro.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2010 9.0.0.459\\English\\setup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 8:54 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/17/2010 9:22 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [1/25/2010 11:36 AM 13360]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [1/20/2010 11:14 PM 2211328]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [1/4/2010 5:02 PM 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [1/25/2010 11:38 AM 69936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2010 1:22 AM 19160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/13/2009 7:34 PM 30560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 8:22 AM 95024]
S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2010 1:22 AM 236368]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S4 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/25/2008 8:16 AM 5120]
.
Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 04:53]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 04:53]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 04:53]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 04:53]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 04:53]

2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IcePick_exe.job
- c:\program files\Microsoft LifeCam\IcePick.exe [2009-07-24 23:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 66.179.130.89:80
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\rok0ctot.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1032)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 19:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 03:15
ComboFix2.txt 2010-01-11 02:07

Pre-Run: 39,320,698,880 bytes free
Post-Run: 42,738,847,744 bytes free

- - End Of File - - 015F5C834C0BB791438DF5BA30279D19


#9 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts

Posted 29 January 2010 - 08:37 AM

Hi,

can you please download Process Explorer and extract it to your desktop. Double-click it to run it. It is a more advanced task manager of sorts. It should show you which files are executed by svchost.exe. Hovering over the svchost.exe should give you more information as well.

Please provide the files launched by the svchost.exe and the information shown when hovering over it for the process that is eating up your memory.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+

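The post above asks which services the CPU-hungry svchost.exe is hosting. The following PowerShell script is an added example, not code from this thread or from Process Explorer: it answers the same question from the command line by joining each svchost PID to the services registered under it via WMI (the Win32_Service/Win32_Process queries and the "-k" group parsing are my own choices), and it also flags any svchost.exe that runs from outside System32.

```powershell
# Added example; not code from this thread, from Process Explorer or from
# any other tool the thread names. It maps every running svchost.exe to the
# services it hosts, the "-k" service group it was started with, and the CPU
# time it has consumed, so a runaway svchost can be traced to a hosted service.
# Assumes Windows PowerShell 2.0 or later with WMI (XP SP3 and later); run it
# from an administrator prompt so executable paths are readable.

# Every running service reports the PID of the process hosting it; grouping by
# ProcessId collapses the services that share a single svchost instance.
$servicesByPid = Get-WmiObject -Class Win32_Service -Filter "State='Running'" |
    Group-Object -Property ProcessId

$report = foreach ($group in $servicesByPid) {
    $hostPid = [int]$group.Name
    $proc = Get-WmiObject -Class Win32_Process -Filter "ProcessId=$hostPid"
    # Services that run in their own executable are not svchost and are skipped.
    if ($proc -eq $null -or $proc.Name -ine 'svchost.exe') { continue }

    # A genuine svchost.exe lives in %SystemRoot%\System32; a same-named binary
    # elsewhere deserves a closer look regardless of its CPU use. ExecutablePath
    # is null when the caller lacks rights to read it, so that case is reported
    # as "unknown" rather than as a mismatch.
    $expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
    if ($proc.ExecutablePath -eq $null) { $pathCheck = 'unknown' }
    elseif ($proc.ExecutablePath -ieq $expected) { $pathCheck = 'ok' }
    else { $pathCheck = 'MISMATCH: ' + $proc.ExecutablePath }

    # The service group ("-k netsvcs" etc.) comes from the first service's
    # registered command line; all services in one svchost share it.
    $groupName = ''
    if ($group.Group[0].PathName -match '-k\s+(\S+)') { $groupName = $Matches[1] }

    # Win32_Process reports CPU time in 100-nanosecond units.
    $cpuSeconds = [math]::Round(($proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)

    New-Object PSObject -Property @{
        PID        = $hostPid
        Group      = $groupName
        CpuSeconds = $cpuSeconds
        Path       = $pathCheck
        Services   = ($group.Group | ForEach-Object { $_.Name }) -join ', '
    }
}

# Highest CPU consumer first: the services listed on that row are the ones to
# investigate (stop or disable them one at a time and watch whether CPU drops).
$report | Sort-Object -Property CpuSeconds -Descending |
    Format-Table -Property PID, Group, CpuSeconds, Path, Services -AutoSize -Wrap
```

Run it once while the machine is idle and again when the CPU spikes; the row whose CpuSeconds grows fastest names the service group to narrow down.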

#10 fauzool

  • Topic Starter
  • Members
  • 14 posts

Posted 29 January 2010 - 02:49 PM

I have 7 svchost


Print Spooler
DCOM Services process launcher
Terminal Service
Remote procedure call
DNS Client
SSDP discovery service
tcp/ip net bios
Web Client
Windows Image


#11 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts

Posted 29 January 2010 - 03:41 PM

Hi,
can you tell me which one is taking up all the CPU or are all of them using the same amount of CPU?

regards myrti



#12 fauzool

  • Topic Starter
  • Members
  • 14 posts

Posted 29 January 2010 - 04:56 PM

All around the same CPU. What's weird is I am able to be on for 10-30 mins without the CPU usage boosting, and sometimes even 1-4 hours without it doing it, but it still does it and it forces me to restart the computer.

Edited by fauzool, 29 January 2010 - 04:56 PM.


#13 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts

Posted 29 January 2010 - 05:18 PM

Hi,

Those are all legit Windows processes; if they are eating up your CPU you probably have a software problem.

Please try to do a clean boot and let me know if the system locks up then: How to do a clean boot

regards myrti



#14 fauzool

  • Topic Starter
  • Members
  • 14 posts

Posted 30 January 2010 - 02:55 PM

It's still freezing on me.

#15 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts

Posted 05 February 2010 - 07:44 AM

Hi,

it does not look as if the problem is caused by malware. Just to be safe, please run a scan with Malwarebytes and ESET:
  • Please open Malwarebytes and go to the Update tab and make sure that the latest updates are installed.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti





