Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Extreme Slow Down on PC. Require Assistance Please.

Post by makem2203 » August 14th, 2009, 10:19 pm

Hello, I'd first like to say thank you to the person who is the one going to help with my issue.

It all started around 6 days ago... My motherboard fried... I called in PC Wizard to take a look and go about fixing my PC.
I have since gotten my PC back, with a brand new motherboard and RAM.

So I go to use my PC this morning, and all day it has been acting extremely slow and sluggish... I have disabled pretty much all the programs Windows does not require, I even disabled my anti-virus software... and still no change in the speed of my PC.

So now I am thinking I may have a malware problem, hence me making this post.

Thank you for taking the time to assist me!

The following is a HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:30, on 15/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix: 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7183 bytes

Re: Extreme Slow Down on PC. Require Assistance Please.

Post by jmw3 » August 18th, 2009, 2:51 pm

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

Please don't wrap the contents of the logs in code or quote tags. Just post the contents of logs requested directly into your replies. It makes them easier to read.
Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

Re: Extreme Slow Down on PC. Require Assistance Please.

Post by makem2203 » August 19th, 2009, 10:52 am

Thank you for helping me. I was able to get the contents of the DDS log and the contents of Attach.txt, but when I ran GMER it scanned, then after around 3 hours in... it crashed. I restarted, did the process again and went AFK, came back to a restarted PC... ran it once more and it gave me the BSOD, with the error: Page_fault_in_nonpaged_area

I am sorry I could not produce the last bit of information you needed.

Here are the contents of the DDS log and the contents of Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/12/2007 12:48:16
System Uptime: 19/08/2009 05:21:38 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | STRIKER II EXTREME
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 458 GiB total, 223.774 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Reader 9.1
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AquaMark3
Audacity 1.2.6
Battlefield 1942
Battlefield 1942 Secret Weapons of WWII Demo
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
BisonCam, NB Pro
BitTornado 0.3.17
Bonjour
British Telecom
Call of Duty 4: Modern Warfare
Call of Duty: World at War
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Counter-Strike
Counter-Strike: Source
Creator 9
Crysis(R)
D.I.P.R.I.P. Warm Up
Day of Defeat
dBpoweramp Music Converter
DCXtended .9
EA Download Manager
Firefox
Flash Player 9 Internet Explorer
Forgotten Hope 2
Garry's Mod
GearDrvs
GTA San Andreas
Half-Life
Half-Life 2
Half-Life 2: Episode Two
Hamachi 1.0.3.0
HDReg
HijackThis 2.0.2
HLSW v1.3.0
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0
Insurgency
Internet From BT
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
JMB36X Raid Configurer
Kaspersky Internet Security 2010
Kaspersky Online Scanner
Left 4 Dead
Magic Sports
MagicSports 3.5
Men of War
Metaboli
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft® Office Trial 2007
Mozilla Firefox (3.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MTA:SA DM Developer Preview 2.3
Natural Selection 3.2
Norton 360
NS Training Public Beta 1.0
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PacCafe
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PC Wizard 2008.1.81
Peggle Extreme
Picasa 2
Picasa2
PiraMod_30000.04
PremiumSoft Navicat MySQL 7.2
PunkBuster Services
QuickTime
Razer Habu Config
Razer Reclusa Config
Real Lives 2007
Realtek HD Audio V6.0.1.5334
Realtek High Definition Audio Driver
Red Orchestra
Roger Wilco
Roxio Creator 9 LE
Saitek SST Programming Software
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
SetUp My PC
Shockwave player 10
Silkroad
Skype 2.5.2.151
Skype™ Beta 4.0
SmartFTP Client 2.5.1006.16
SoundMAX
Source SDK
Source SDK Base
Steam
Sven Co-op 4.0B
System Requirements Lab
Team Fortress Classic
TeamSpeak 2 RC2
TeamViewer 4
TomTom HOME
TortoiseSVN 1.6.0.15855 (32 bit)
Uniblue RegistryBooster 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Valve Hammer Editor
Ventrilo Client
Video NVIDIA v162.22
VLC media player 1.0.0-rc3
Webshots Desktop
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
Xfire (remove only)
Zombie Panic! 1.0
Zombie Panic! Source

==== End Of File =========================


DDS (Ver_09-07-30.01) - NTFSx86
Run by calvin at 5:54:45.13 on 19/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1628 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\calvin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 1956764499
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1956856774
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\calvin\appdata\roaming\mozilla\firefox\profiles\rf7ysydv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.runescape.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\calvin\appdata\roaming\mozilla\firefox\profiles\rf7ysydv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2008-12-10 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-8-19 10752]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2007-12-18 27776]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2007-12-18 41984]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2008-11-18 176640]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-30 131368]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-08-19 02:33 180,224 a------- c:\windows\system32\WinVd32.sys
2009-08-19 02:33 10,752 a------- c:\windows\system32\WinFLdrv.sys
2009-08-19 02:33 7,680 a------- c:\windows\system32\WinFLsrv.exe
2009-08-19 02:33 <DIR> --dsh--- c:\users\calvin\appdata\roaming\.#
2009-08-19 02:33 33,982 a------- c:\windows\system32\flk-icon.ico
2009-08-19 02:33 <DIR> --d----- c:\program files\Folder Lock 6
2009-08-19 02:13 <DIR> --d----- c:\users\calvin\appdata\roaming\Uniblue
2009-08-19 02:13 <DIR> --d----- c:\program files\Uniblue
2009-08-18 18:21 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-18 18:21 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-14 17:55 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 17:55 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 17:55 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 17:55 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 17:55 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 17:55 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 17:55 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 17:55 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 11:52 71,680 a------- c:\windows\system32\atl.dll
2009-08-14 11:52 71,680 a------- c:\windows\system32\atl(189).dll
2009-08-14 11:52 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-14 11:52 91,136 a------- c:\windows\system32\avifil32(190).dll
2009-08-14 11:52 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-14 11:52 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-14 11:52 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-14 11:52 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-14 11:52 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-14 11:52 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-14 11:52 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-13 23:40 24,576 a----r-- c:\windows\system32\AsIO.dll
2009-08-13 23:40 12,400 a----r-- c:\windows\system32\drivers\AsIO.sys
2009-08-13 23:40 <DIR> --d----- c:\program files\ASUS
2009-08-13 23:40 666 a------- c:\windows\setup.iss
2009-08-13 23:30 151,552 -----r-- c:\windows\system32\xRaidAPI.dll
2009-08-13 23:30 1,966,080 -----r-- c:\windows\system32\xRaidSetup.exe
2009-08-13 23:29 63,360 a------- c:\windows\system32\drivers\jraid.sys
2009-08-13 23:29 319,984 -----r-- c:\windows\system32\DifxApi.dll
2009-08-13 23:29 <DIR> --d----- c:\windows\RaidTool
2009-08-13 23:16 <DIR> --d----- c:\program files\profile
2009-08-13 23:16 <DIR> --d----- c:\program files\bin32
2009-08-13 23:15 <DIR> --d----- c:\program files\log
2009-08-13 23:13 353,280 a------- c:\windows\system32\idecoi.dll
2009-08-13 23:13 110,624 a------- c:\windows\system32\drivers\nvstor32.sys
2009-08-13 23:13 1,042,464 a------- c:\windows\system32\drivers\nvmfdx32.sys
2009-08-13 23:13 203,264 a------- c:\windows\system32\fdco1.dll
2009-08-13 23:05 <DIR> --d----- c:\windows\ASUSInstAll
2009-08-13 23:03 409,600 a------- c:\windows\system32\wrap_oal.dll
2009-08-13 23:03 114,688 a------- c:\windows\system32\OpenAL32.dll
2009-08-13 23:03 <DIR> --d----- c:\program files\Creative
2009-08-13 23:03 1,503,232 -------- c:\windows\system32\adi_oal.dll
2009-08-13 23:01 <DIR> --d----- c:\programdata\SonicFocus
2009-08-13 23:01 <DIR> --d----- c:\program files\Analog Devices
2009-08-13 23:01 <DIR> --d----- c:\progra~2\SonicFocus
2009-08-13 23:00 28,900 a------- c:\windows\Ascd_log.ini
2009-08-13 23:00 7,680 a------- c:\windows\system32\drivers\ASACPI.sys
2009-07-31 20:33 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-07-31 20:33 <DIR> --d----- c:\program files\Hamachi
2009-07-31 07:03 <DIR> --d----- c:\program files\Celtic Kings - Rage of War
2009-07-30 01:43 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-07-30 01:39 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-30 01:39 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-30 01:39 9,557,216 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-30 01:39 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-30 01:39 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-30 01:39 10,161 a------- c:\windows\system32\nvdisp.nvu
2009-07-30 01:39 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-07-30 01:39 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-30 01:39 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-30 01:39 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-30 01:39 151,552 a------- c:\windows\system32\nvcod.dll

==================== Find3M ====================

2009-08-19 05:26 34 a------- c:\users\calvin\jagex_runescape_preferences.dat
2009-08-19 05:24 155,810 a------- c:\programdata\nvModes.dat
2009-08-19 05:24 155,810 a------- c:\progra~2\nvModes.dat
2009-08-14 18:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-14 18:38 51,200 a------- c:\windows\inf\infpub.dat
2009-08-13 23:30 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 03:17 14,362 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-18 03:16 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-14 19:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 19:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe
2009-07-09 16:38 128,016 a------- c:\windows\system32\drivers\kl1.sys
2009-07-08 18:17 604,140 a--sh--- c:\windows\system32\drivers\ISwift3(219).dat
2009-07-08 18:17 604,140 -------- c:\windows\system32\drivers\ISwift3.dat
2009-07-08 18:02 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-07-08 18:02 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-07-06 02:41 139,072 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 02:35 189,672 a------- c:\windows\system32\PnkBstrB.exe
2009-07-02 19:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-05-25 05:21 219,664 a------- c:\windows\system32\klogon.dll
2008-12-24 18:05 22,328 a------- c:\users\calvin\appdata\roaming\PnkBstrK.sys
2008-06-21 00:30 174 a--sh--- c:\program files\desktop.ini
2008-06-21 00:21 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-17 17:07 691 a------- c:\users\calvin\appdata\roaming\GetValue.vbs
2008-06-17 17:07 35 a------- c:\users\calvin\appdata\roaming\SetValue.bat
2008-04-12 21:34 1,958 a------- c:\program files\Craftyov.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-23 10:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-23 10:53 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-23 10:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-12 19:36 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-12 19:36 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-12 19:36 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-01-14 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008010720080114\index.dat
2008-01-21 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008011420080121\index.dat
2008-01-28 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012120080128\index.dat
2008-01-29 00:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012820080129\index.dat
2008-01-30 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008013020080131\index.dat
2008-01-31 16:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008013120080201\index.dat
2008-02-01 21:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008020120080202\index.dat
2007-10-30 11:29 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:56:28.79 ===============
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby jmw3 » August 19th, 2009, 7:50 pm

Hi
MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTornado 0.3.17

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.

Once this is done run DDS again & post both logs.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby makem2203 » August 20th, 2009, 3:26 pm

Okay, I have uninstalled BitTornado, and here are the two new logs you asked for:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/12/2007 12:48:16
System Uptime: 20/08/2009 20:12:11 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | STRIKER II EXTREME
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 458 GiB total, 224.011 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Reader 9.1
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AquaMark3
Audacity 1.2.6
Battlefield 1942
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
BisonCam, NB Pro
Bonjour
British Telecom
Call of Duty 4: Modern Warfare
Call of Duty: World at War
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Counter-Strike
Counter-Strike: Source
Creator 9
Crysis(R)
D.I.P.R.I.P. Warm Up
Day of Defeat
dBpoweramp Music Converter
DCXtended .9
EA Download Manager
Firefox
Flash Player 9 Internet Explorer
Forgotten Hope 2
Garry's Mod
GearDrvs
GTA San Andreas
Half-Life
Half-Life 2
Half-Life 2: Episode Two
Hamachi 1.0.3.0
HDReg
HijackThis 2.0.2
HLSW v1.3.0
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0
Insurgency
Internet From BT
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
JMB36X Raid Configurer
Kaspersky Internet Security 2010
Kaspersky Online Scanner
Left 4 Dead
Magic Sports
MagicSports 3.5
Men of War
Metaboli
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft® Office Trial 2007
Mozilla Firefox (3.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MTA:SA DM Developer Preview 2.3
Natural Selection 3.2
Norton 360
NS Training Public Beta 1.0
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PacCafe
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PC Wizard 2008.1.81
Peggle Extreme
Picasa 2
Picasa2
PiraMod_30000.04
PremiumSoft Navicat MySQL 7.2
PunkBuster Services
QuickTime
Razer Habu Config
Razer Reclusa Config
Real Lives 2007
Realtek HD Audio V6.0.1.5334
Realtek High Definition Audio Driver
Red Orchestra
Roger Wilco
Roxio Creator 9 LE
Saitek SST Programming Software
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
SetUp My PC
Shockwave player 10
Silkroad
Skype 2.5.2.151
Skype™ Beta 4.0
SmartFTP Client 2.5.1006.16
SoundMAX
Source SDK
Source SDK Base
Steam
Sven Co-op 4.0B
System Requirements Lab
Team Fortress Classic
TeamSpeak 2 RC2
TeamViewer 4
TomTom HOME
TortoiseSVN 1.6.0.15855 (32 bit)
Uniblue RegistryBooster 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Valve Hammer Editor
Ventrilo Client
Video NVIDIA v162.22
VLC media player 1.0.0-rc3
Webshots Desktop
Windows Live installer
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
World of Warcraft
Xfire (remove only)
Zombie Panic! 1.0
Zombie Panic! Source

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by calvin at 20:20:51.47 on 20/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1720 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\calvin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 1956764499
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1956856774
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\calvin\appdata\roaming\mozilla\firefox\profiles\rf7ysydv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.runescape.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\calvin\appdata\roaming\mozilla\firefox\profiles\rf7ysydv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2008-12-10 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-8-19 10752]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2007-12-18 27776]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2007-12-18 41984]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2008-11-18 176640]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-10-30 131368]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-08-19 02:33 180,224 a------- c:\windows\system32\WinVd32.sys
2009-08-19 02:33 10,752 a------- c:\windows\system32\WinFLdrv.sys
2009-08-19 02:33 7,680 a------- c:\windows\system32\WinFLsrv.exe
2009-08-19 02:33 <DIR> --dsh--- c:\users\calvin\appdata\roaming\.#
2009-08-19 02:33 33,982 a------- c:\windows\system32\flk-icon.ico
2009-08-19 02:33 <DIR> --d----- c:\program files\Folder Lock 6
2009-08-19 02:13 <DIR> --d----- c:\users\calvin\appdata\roaming\Uniblue
2009-08-19 02:13 <DIR> --d----- c:\program files\Uniblue
2009-08-18 18:21 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-18 18:21 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-14 17:55 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 17:55 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 17:55 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 17:55 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 17:55 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 17:55 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 17:55 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 17:55 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 11:52 71,680 a------- c:\windows\system32\atl.dll
2009-08-14 11:52 71,680 a------- c:\windows\system32\atl(189).dll
2009-08-14 11:52 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-14 11:52 91,136 a------- c:\windows\system32\avifil32(190).dll
2009-08-14 11:52 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-14 11:52 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-14 11:52 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-14 11:52 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-14 11:52 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-14 11:52 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-14 11:52 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-13 23:40 24,576 a----r-- c:\windows\system32\AsIO.dll
2009-08-13 23:40 12,400 a----r-- c:\windows\system32\drivers\AsIO.sys
2009-08-13 23:40 <DIR> --d----- c:\program files\ASUS
2009-08-13 23:40 666 a------- c:\windows\setup.iss
2009-08-13 23:30 151,552 -----r-- c:\windows\system32\xRaidAPI.dll
2009-08-13 23:30 1,966,080 -----r-- c:\windows\system32\xRaidSetup.exe
2009-08-13 23:29 63,360 a------- c:\windows\system32\drivers\jraid.sys
2009-08-13 23:29 319,984 -----r-- c:\windows\system32\DifxApi.dll
2009-08-13 23:29 <DIR> --d----- c:\windows\RaidTool
2009-08-13 23:16 <DIR> --d----- c:\program files\profile
2009-08-13 23:16 <DIR> --d----- c:\program files\bin32
2009-08-13 23:15 <DIR> --d----- c:\program files\log
2009-08-13 23:13 353,280 a------- c:\windows\system32\idecoi.dll
2009-08-13 23:13 110,624 a------- c:\windows\system32\drivers\nvstor32.sys
2009-08-13 23:13 1,042,464 a------- c:\windows\system32\drivers\nvmfdx32.sys
2009-08-13 23:13 203,264 a------- c:\windows\system32\fdco1.dll
2009-08-13 23:05 <DIR> --d----- c:\windows\ASUSInstAll
2009-08-13 23:03 409,600 a------- c:\windows\system32\wrap_oal.dll
2009-08-13 23:03 114,688 a------- c:\windows\system32\OpenAL32.dll
2009-08-13 23:03 <DIR> --d----- c:\program files\Creative
2009-08-13 23:03 1,503,232 -------- c:\windows\system32\adi_oal.dll
2009-08-13 23:01 <DIR> --d----- c:\programdata\SonicFocus
2009-08-13 23:01 <DIR> --d----- c:\program files\Analog Devices
2009-08-13 23:01 <DIR> --d----- c:\progra~2\SonicFocus
2009-08-13 23:00 28,900 a------- c:\windows\Ascd_log.ini
2009-08-13 23:00 7,680 a------- c:\windows\system32\drivers\ASACPI.sys
2009-07-31 20:33 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-07-31 20:33 <DIR> --d----- c:\program files\Hamachi
2009-07-31 07:03 <DIR> --d----- c:\program files\Celtic Kings - Rage of War
2009-07-30 01:43 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-07-30 01:39 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-30 01:39 10,854,400 a------- c:\windows\system32\nvoglv32.dll
2009-07-30 01:39 9,557,216 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-30 01:39 3,287,040 a------- c:\windows\system32\nvwgf2um.dll
2009-07-30 01:39 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-07-30 01:39 10,161 a------- c:\windows\system32\nvdisp.nvu
2009-07-30 01:39 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-07-30 01:39 1,983,488 a------- c:\windows\system32\nvcuda.dll
2009-07-30 01:39 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-30 01:39 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-30 01:39 151,552 a------- c:\windows\system32\nvcod.dll

==================== Find3M ====================

2009-08-20 20:16 34 a------- c:\users\calvin\jagex_runescape_preferences.dat
2009-08-20 20:13 155,810 a------- c:\programdata\nvModes.dat
2009-08-20 20:13 155,810 a------- c:\progra~2\nvModes.dat
2009-08-14 18:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-14 18:38 51,200 a------- c:\windows\inf\infpub.dat
2009-08-13 23:30 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 03:17 14,362 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-18 03:16 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-14 19:54 7,565,824 a------- c:\windows\system32\nvd3dum.dll
2009-07-14 19:54 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\nvuninst.exe
2009-07-09 16:38 128,016 a------- c:\windows\system32\drivers\kl1.sys
2009-07-08 18:17 604,140 a--sh--- c:\windows\system32\drivers\ISwift3(219).dat
2009-07-08 18:17 604,140 -------- c:\windows\system32\drivers\ISwift3.dat
2009-07-08 18:02 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-07-08 18:02 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-07-06 02:41 139,072 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 02:35 189,672 a------- c:\windows\system32\PnkBstrB.exe
2009-07-02 19:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-05-25 05:21 219,664 a------- c:\windows\system32\klogon.dll
2008-12-24 18:05 22,328 a------- c:\users\calvin\appdata\roaming\PnkBstrK.sys
2008-06-21 00:30 174 a--sh--- c:\program files\desktop.ini
2008-06-21 00:21 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-17 17:07 691 a------- c:\users\calvin\appdata\roaming\GetValue.vbs
2008-06-17 17:07 35 a------- c:\users\calvin\appdata\roaming\SetValue.bat
2008-04-12 21:34 1,958 a------- c:\program files\Craftyov.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-23 10:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-23 10:53 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-23 10:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-12 19:36 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-12 19:36 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-12 19:36 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-01-14 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008010720080114\index.dat
2008-01-21 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008011420080121\index.dat
2008-01-28 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012120080128\index.dat
2008-01-29 00:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008012820080129\index.dat
2008-01-30 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008013020080131\index.dat
2008-01-31 16:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008013120080201\index.dat
2008-02-01 21:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008020120080202\index.dat
2007-10-30 11:29 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:22:48.09 ===============
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby jmw3 » August 20th, 2009, 7:53 pm

Hi
"Okay, I have uninstalled BitTornado, and here are the two new logs you asked for:"
Good stuff

Try this scanner in place of Gmer:
RootRepeal
Download RootRepeal.zip from here & unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
      Drivers
      Files
      Processes
      SSDT
      Stealth Objects
      Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File then Exit to close the program
To post in next reply:
RootRepeal log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby makem2203 » August 23rd, 2009, 3:08 pm

Hello, I am sorry I have not responded to this, I have had to deal with some family stuff recently... I will have the log for you as soon as I can.

-Makem.
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby makem2203 » August 23rd, 2009, 3:36 pm

Hello, I ran RootRepeal... went AFK for around 30 minutes, and came back to my PC on its Windows recovery when it boots up. I think it had another BSOD... not sure what to do... as every time I run this it BSODs...
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby jmw3 » August 23rd, 2009, 10:07 pm

Hi

Leave RootRepeal. We'll move on.

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
Kaspersky Internet Security 2010 | Norton 360
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
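The two checks made by eye against the DDS "Installed Programs" list in this thread (a P2P client, then two resident anti-virus suites) can be scripted. The following Python is an added example, not part of the original posts or of DDS; the watchlists and the sample log are constructed for illustration and are assumptions to extend for real triage.

```python
import re
from collections import defaultdict

# Assumed watchlists (illustrative, not from DDS or the forum's tools):
# lower-case name fragments of resident anti-virus suites -> vendor label.
RESIDENT_AV = {
    "kaspersky internet security": "Kaspersky",
    "kaspersky anti-virus": "Kaspersky",
    "norton 360": "Norton",
    "norton antivirus": "Norton",
    "norton internet security": "Norton",
}
# Assumed name fragments of P2P file-sharing clients.
P2P_CLIENTS = ("bittornado", "bittorrent", "utorrent", "limewire", "emule")

# DDS section headers look like "==== Installed Programs ======".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def split_sections(log_text):
    """Return {section title: [non-empty lines]} for a DDS-style log."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)  # empty title (bare "====") is ignored
            continue
        if current and line:
            sections[current].append(line)
    return dict(sections)


def triage_installed(log_text):
    """Flag resident AV suites (grouped by vendor) and P2P clients."""
    programs = split_sections(log_text).get("Installed Programs", [])
    av_by_vendor = defaultdict(list)
    p2p = []
    for name in programs:
        lowered = name.lower()
        for fragment, vendor in RESIDENT_AV.items():
            if fragment in lowered:
                av_by_vendor[vendor].append(name)
                break
        if any(client in lowered for client in P2P_CLIENTS):
            p2p.append(name)
    return {
        "av_vendors": dict(av_by_vendor),
        # Two products from one vendor are not counted as a conflict;
        # only suites from different vendors are.
        "multiple_av": len(av_by_vendor) > 1,
        "p2p": p2p,
    }


# Constructed sample in the DDS attach-log layout, using program names
# that appear in this thread.
SAMPLE_LOG = """\
DDS (Ver_09-07-30.01)

==== Disk Partitions =========================

C: is FIXED (NTFS) - 458 GiB total, 224.011 GiB free.

==== Installed Programs ======================

Adobe Reader 9.1
BitTornado 0.3.17
Hamachi 1.0.3.0
Kaspersky Internet Security 2010
Kaspersky Online Scanner
Norton 360
TeamViewer 4

==== End Of File ===========================
"""

if __name__ == "__main__":
    report = triage_installed(SAMPLE_LOG)
    for vendor, names in report["av_vendors"].items():
        print(f"AV ({vendor}): {', '.join(names)}")
    print("Multiple resident AV suites:", report["multiple_av"])
    print("P2P clients:", ", ".join(report["p2p"]) or "none")
```

The on-demand "Kaspersky Online Scanner" entry is deliberately not on the watchlist, since it is not a resident suite. An installed entry also does not prove a product is active, so a hit is a prompt to check the running processes and services sections of the same log.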

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby makem2203 » August 26th, 2009, 10:49 pm

Hello, here is my ComboFix log and my new HijackThis log:


ComboFix 09-08-26.05 - calvin 27/08/2009 3:26.1.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1530 [GMT 1:00]
Running from: c:\users\calvin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1289646755-2976081251-401195427-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\calvin\AppData\Roaming\.#
c:\windows\Installer\2495f11.msi
c:\windows\Installer\92cd8.msp
c:\windows\Installer\92da9.msp
c:\windows\system32\28463
c:\windows\system32\28463\key.bin
c:\windows\system32\28463\QTEO.006
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\nY.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

----- BITS: Possible infected sites -----

hxxp://ccp.vo.llnwd.net
.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\calvin\AppData\Local\temp
2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-08-27 02:38 . 2009-08-27 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\programdata\CCP
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\users\calvin\AppData\Local\CCP
2009-08-26 18:17 . 2009-08-26 18:17 -------- d-----w- c:\windows\system32\Adobe
2009-08-26 02:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 23:10 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 23:10 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-25 11:46 . 2009-08-25 11:46 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-24 03:22 . 2009-08-24 03:22 -------- d-----w- c:\programdata\NortonInstaller
2009-08-20 22:41 . 2009-08-20 22:41 -------- d-----w- c:\program files\Sun
2009-08-19 01:33 . 2009-08-19 01:33 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-08-19 01:33 . 2009-08-19 01:33 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-19 01:33 . 2009-08-19 01:33 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-08-19 01:33 . 2009-08-19 01:41 -------- d-----w- c:\program files\Folder Lock 6
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\users\calvin\AppData\Roaming\Uniblue
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\program files\Uniblue
2009-08-18 23:34 . 2009-08-18 23:34 -------- d-----w- c:\users\calvin\AppData\Local\RadarSync
2009-08-18 17:21 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 17:21 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 16:55 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 16:55 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 16:55 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 16:55 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 16:55 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 16:55 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 16:55 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 16:55 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl(189).dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32(190).dll
2009-08-14 10:52 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 10:52 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 10:52 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 10:52 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 22:40 . 2006-01-10 16:50 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-08-13 22:40 . 2007-12-17 17:14 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-08-13 22:40 . 2009-08-17 00:43 -------- d-----w- c:\program files\ASUS
2009-08-13 22:30 . 2007-08-20 21:31 151552 ------r- c:\windows\system32\xRaidAPI.dll
2009-08-13 22:30 . 2007-08-30 00:57 1966080 ------r- c:\windows\system32\xRaidSetup.exe
2009-08-13 22:29 . 2007-08-31 18:58 63360 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-08-13 22:29 . 2006-08-30 20:33 319984 ------r- c:\windows\system32\DifxApi.dll
2009-08-13 22:29 . 2009-08-13 22:30 -------- d-----w- c:\windows\RaidTool
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\profile
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\bin32
2009-08-13 22:15 . 2009-08-13 22:15 -------- d-----w- c:\program files\log
2009-08-13 22:13 . 2008-01-17 11:52 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-08-13 22:13 . 2008-01-17 11:43 353280 ----a-w- c:\windows\system32\idecoi.dll
2009-08-13 22:13 . 2008-01-29 12:55 1042464 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys
2009-08-13 22:13 . 2008-01-29 11:37 203264 ----a-w- c:\windows\system32\fdco1.dll
2009-08-13 22:05 . 2009-08-13 22:05 -------- d-----w- c:\windows\ASUSInstAll
2009-08-13 22:03 . 2009-08-13 22:03 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-13 22:03 . 2009-08-13 22:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-13 22:03 . 2009-08-13 22:03 -------- d-----w- c:\program files\Creative
2009-08-13 22:03 . 2007-07-03 12:11 1503232 ------w- c:\windows\system32\adi_oal.dll
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\programdata\SonicFocus
2009-08-13 22:00 . 2006-10-18 05:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2009-07-31 20:27 . 2009-07-31 20:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 19:55 . 2009-08-02 02:32 -------- d-----w- c:\users\calvin\AppData\Roaming\Hamachi
2009-07-31 19:33 . 2009-07-31 19:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-31 19:33 . 2009-07-31 19:34 -------- d-----w- c:\program files\Hamachi
2009-07-31 06:03 . 2009-08-02 09:49 -------- d-----w- c:\program files\Celtic Kings - Rage of War
2009-07-30 00:43 . 2009-07-30 00:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-30 00:39 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-30 00:39 . 2009-07-14 18:54 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-30 00:39 . 2009-07-14 18:54 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-07-30 00:39 . 2009-07-14 18:54 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-30 00:39 . 2009-07-14 18:54 10854400 ----a-w- c:\windows\system32\nvoglv32.dll
2009-07-30 00:39 . 2009-07-14 18:54 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-30 00:39 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-30 00:39 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod157.dll
2009-07-30 00:39 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 01:26 . 2008-07-02 17:51 34 ----a-w- c:\users\calvin\jagex_runescape_preferences.dat
2009-08-27 00:53 . 2007-12-18 13:12 -------- d-----w- c:\program files\Steam
2009-08-26 21:21 . 2009-05-11 21:25 155810 ----a-w- c:\programdata\nvModes.dat
2009-08-26 16:13 . 2009-07-08 17:02 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-26 16:13 . 2007-10-30 02:57 -------- d-----w- c:\programdata\NVIDIA
2009-08-23 20:52 . 2007-12-18 13:12 -------- d-----w- c:\program files\Common Files\Steam
2009-08-20 22:40 . 2009-03-11 21:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 22:40 . 2007-12-25 17:02 -------- d-----w- c:\program files\Java
2009-08-19 12:23 . 2007-12-21 16:56 -------- d-----w- c:\program files\EA GAMES
2009-08-19 12:23 . 2007-10-30 02:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 17:02 . 2008-01-04 22:54 -------- d-----w- c:\users\calvin\AppData\Roaming\Ventrilo
2009-08-18 17:02 . 2009-03-19 18:25 -------- d-----w- c:\program files\Webshots
2009-08-18 17:02 . 2009-01-31 04:34 -------- d-----w- c:\program files\MTA San Andreas
2009-08-18 17:02 . 2008-11-23 23:58 -------- d-----w- c:\program files\PiraMod
2009-08-18 17:02 . 2008-11-18 21:28 -------- d-----w- c:\program files\Roger Wilco
2009-08-18 17:02 . 2007-12-20 19:32 -------- d-----w- c:\program files\PC Wizard 2008
2009-08-18 17:02 . 2009-07-16 22:22 -------- d-----w- c:\program files\Audacity
2009-08-18 17:02 . 2008-06-11 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 16:14 . 2008-06-25 02:11 -------- d-----w- c:\program files\wally
2009-08-14 17:44 . 2007-12-18 12:31 85184 ----a-w- c:\users\calvin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 17:03 . 2007-10-30 03:13 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 16:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 16:51 . 2007-10-30 03:04 -------- d-----w- c:\programdata\Sonic
2009-08-13 22:02 . 2009-08-13 22:01 -------- d-----w- c:\program files\Analog Devices
2009-08-02 14:47 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 03:59 . 2009-06-13 01:01 -------- d-----w- c:\users\calvin\AppData\Roaming\vlc
2009-07-31 19:51 . 2008-03-14 14:53 -------- d-----w- c:\users\calvin\AppData\Roaming\HamachiBackup
2009-07-30 00:42 . 2007-10-30 02:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 00:42 . 2009-05-11 21:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 16:06 . 2009-07-29 11:00 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 11:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 02:53 . 2009-07-18 02:53 -------- d-----w- c:\users\calvin\AppData\Roaming\dBpoweramp
2009-07-18 02:17 . 2009-07-18 02:17 14362 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\users\calvin\AppData\Roaming\AccurateRip
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\program files\dBpowerAMP
2009-07-18 02:16 . 2008-04-10 19:10 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-17 02:43 . 2009-07-17 02:43 58800 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Program Files\YouTube Downloader\Uninstall.exe
2009-07-16 22:14 . 2008-06-06 23:30 -------- d-----w- c:\users\calvin\AppData\Roaming\TeamViewer
2009-07-14 18:54 . 2009-07-30 00:39 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-14 18:54 . 2009-04-30 21:02 7565824 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-14 18:54 . 2007-09-17 12:56 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-07-12 01:27 . 2007-12-18 16:33 -------- d-----w- c:\users\calvin\AppData\Roaming\Xfire
2009-07-11 18:05 . 2007-12-18 16:33 -------- d-----w- c:\programdata\Xfire
2009-07-10 06:01 . 2007-12-21 15:57 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-07-09 15:38 . 2009-05-24 14:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-09 15:38 . 2009-07-09 15:38 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-09 15:38 . 2009-07-09 15:38 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-08 18:10 . 2009-07-08 18:10 -------- d-----w- c:\program files\Ventrilo
2009-07-08 17:19 . 2009-07-08 17:19 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-08 17:19 . 2009-07-08 17:19 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-08 17:19 . 2009-07-08 17:19 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-08 17:19 . 2009-07-08 17:19 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-08 17:19 . 2009-07-08 17:19 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-08 17:17 . 2009-07-08 17:17 604140 --sha-w- c:\windows\system32\drivers\ISwift3(219).dat
2009-07-08 17:17 . 2009-07-08 17:17 604140 ------w- c:\windows\system32\drivers\ISwift3.dat
2009-07-08 17:02 . 2009-07-08 17:02 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-08 17:02 . 2009-07-08 17:02 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-08 17:02 . 2009-07-08 17:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-08 17:00 . 2009-07-08 17:00 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-07 07:44 . 2007-12-18 16:33 -------- d-----w- c:\program files\Xfire
2009-07-06 01:41 . 2008-11-14 16:24 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 01:35 . 2007-12-26 02:34 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-03 22:45 . 2009-07-03 22:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-03 22:44 . 2007-10-30 03:00 -------- d-----w- c:\program files\Microsoft Works
2009-07-03 22:17 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-03 22:17 . 2009-07-03 22:17 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-03 22:17 . 2009-07-03 22:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-03 22:14 . 2009-07-03 22:14 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-15 15:24 . 2009-07-15 19:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 19:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2008-04-12 20:34 . 2008-04-12 20:34 1958 ----a-w- c:\program files\Craftyov.ini
2007-10-30 10:29 . 2007-10-30 10:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43480A55-D18E-4381-AB74-6EAEAB13A0FC}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{94BD8721-F148-4A21-B5B1-A239604354F2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3199CA81-4A27-4637-B841-EFEB702E5E57}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{839F1242-517A-4F1F-8995-83FDEA08BCCC}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D1D1A9B9-AC79-4A8A-915F-B2C0501D8F02}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{ADC4A466-A878-45B7-A130-7B863F58E2BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{272D0250-963E-42C7-9EEC-2CBC1F788F8D}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{C8D66AF2-6429-49CF-9FE6-72067EF42934}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{916C8BCA-F24B-498A-8017-E53D143803FA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F8AE743A-CAC1-4002-8D78-FF767D51BFE3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CDF2F4D4-0BB9-4575-9D9E-10E1A6FDA319}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{9ECE737B-797A-4480-B932-1B28020E7977}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3FC60B1F-ACED-42F2-BB14-35253D316210}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E640E087-C970-439B-8241-71EB2C0848EA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{005B999A-7B78-4DDA-BDA1-B41E8496ECE6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EFA27614-A6B3-496D-BC7D-D27ABDEE76A8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BD165888-4E9D-4543-99D4-5AB5AD098B71}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4A073DF-BFE2-4720-B9D3-65049224AAD4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2DA94DD7-A362-4B13-AF84-53D669A850A5}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"UDP Query User{4B3F13BF-345A-430D-922C-BEB2E3DF5D1D}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0E4A6FB5-EB11-4F64-8465-61635F05A98C}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"UDP Query User{8B8E6930-FA96-4433-9E04-AC97E44C9C23}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"TCP Query User{B0C52F1E-AD64-4DB2-870A-664539701806}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{77D0B016-3438-47F7-B16D-FB708863D9F0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{AB446EAD-07E8-42AD-8496-ADEFDD4D9166}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"UDP Query User{CE82983D-80D9-41E8-971E-42669BE20559}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"TCP Query User{4FFAB9F6-657F-43DA-A85A-36711A009448}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"UDP Query User{D8FA7994-23D8-46BA-A8D5-4A29CB23ADAF}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"TCP Query User{67F1413A-B155-4EFA-BAD0-ACA86F5F7BBD}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{89255F13-64A6-4115-A6FC-0CBD921477D5}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{68F6696F-81E8-48E2-A68E-3DC4F4B94C72}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"UDP Query User{36DBA262-AD00-46A6-9616-37689CDB4BAE}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"{664B5C32-B9F5-4FF1-96CB-A386CA441CEF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EA35CA3E-D40B-4D7A-8E77-E7B922207AD9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE2B03C6-310E-44AA-9D4C-9D918B3992F4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4DE802B-8858-4687-9592-D0BF595961EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{94AFC2F0-B542-4554-81EC-574767EDD81A}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"UDP Query User{67FB00BC-CC31-4301-9392-E835376EC248}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"{4B7CC11B-672E-41AE-A3EC-FE3FA2EBFD5F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B3155339-72BF-4EBF-BEE0-6DF37C3843D8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9FBE0042-13CF-4AEE-9DF3-141D2DB9A776}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BC1EBE39-FFAC-4620-92D0-EAE569272C3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1C065622-E6B5-4E07-8C7B-C7FBEEF0DB88}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{594F800B-FFBE-4F01-82D0-FF1FC83FCFA9}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D4BB55E7-B4BA-4332-9C52-138C2A2BF893}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{53EA6DAF-A9AB-4DB9-8DA5-EA68511CDF7A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9D2624A0-1423-404B-9800-C44A5AA45FE9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F83CCC4E-9D8D-4E1C-9FCD-269A1F74A699}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{106C2E91-4D32-40F1-85E0-9E9D74FE3059}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{D929E63C-5900-43E9-B337-2380993C878E}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{B630214F-E41A-4E0F-BF81-B8BA19EC70C3}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{09310B8E-0F78-4823-ADE1-8A6156E9A8DA}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{4E403EF3-0064-4FA6-8E3B-3D73BAFDDA6F}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{47D46E80-19F9-4D2C-BBAA-7450ADC1058E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3DB4E2CA-F675-4F1D-BF84-E68B18F531B3}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{A003AE50-5E6E-4900-AA5C-698B9109D5C8}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{951A8900-A684-4117-892F-8E37ADEECCE4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{54F72831-2370-4A8B-9464-E2A94DB44D77}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3D1A82F7-B65A-4DE8-AE41-8E99E7844B33}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{D796AB85-CD79-46E0-8B88-6822C69DF159}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{0FE36651-F2FB-4048-8D83-ECB65D7E17E8}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{6B8BDCB2-47CA-4852-BB78-A089EE92D0F6}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{9CC62C32-25C3-42A3-84B5-0459319B0572}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{3A460F8F-09FF-4359-B6C8-F9E9057BB881}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{D446C5A9-62AB-4F30-B08E-E1AE85F6809C}"= UDP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{DA109A91-9CC7-495A-916B-B2ED0C532407}"= TCP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{B0B4AF33-BA22-4C22-AC22-F25251E3445A}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6031D9FB-B78C-437F-BA2C-DA24B1270A7E}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/12/2008 09:49 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [19/08/2009 02:33 10752]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
R3 RecFltr;Reclusa Keyboard;c:\windows\System32\drivers\RecFltr.sys [18/12/2007 13:37 41984]
S3 SaiH075C;SaiH075C;c:\windows\System32\drivers\SaiH075C.sys [18/11/2008 22:15 176640]
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-10-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.runescape.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 03:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\users\calvin\AppData\Roaming\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{416cda14-c08c-4352-a32c-b2f35631ca32}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001d60
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4c7abab7-c174-4f70-a736-798b70e4459e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f7a7900
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bb430a41-29c3-4116-85dd-2c355f542404}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bbc9af33-5643-43e7-9819-d6d2c9d3948c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f7a7900
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-08-27 3:42
ComboFix-quarantined-files.txt 2009-08-27 02:42

Pre-Run: 238,089,609,216 bytes free
Post-Run: 238,388,072,448 bytes free

411 --- E O F --- 2009-08-26 02:02



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:46:48, on 27/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 5750 bytes

I was not aware that I still had Norton 360 installed... I have now removed it with the use of a Norton remover tool. Please tell me if I still have this anti-virus, as I only wish to use Kaspersky.



As for my PC, it's been running better... I have not had a BSOD for around 2 days now... so something is going right, although I still feel something is wrong... for it to have BSODed. If it turns out I am clean of malware, would it be possible for you to continue assisting me in finding out the cause of the BSOD? Or perhaps point me in the direction of another forum that could?
makem2203
Regular Member
 
Posts: 85
Joined: June 7th, 2008, 1:44 pm

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby jmw3 » August 27th, 2009, 3:13 am

Hi
We'll make sure you are clean of malware before looking at the other issues.

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{916C8BCA-F24B-498A-8017-E53D143803FA}"=-
"{F8AE743A-CAC1-4002-8D78-FF767D51BFE3}"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{416cda14-c08c-4352-a32c-b2f35631ca32}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4c7abab7-c174-4f70-a736-798b70e4459e}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bb430a41-29c3-4116-85dd-2c355f542404}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bbc9af33-5643-43e7-9819-d6d2c9d3948c}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel

Kaspersky Online Scan
Note:- Make sure you use the Online Scanner, NOT your Kaspersky Anti-Virus program.
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
To post in next reply:
ComboFix log
Kaspersky Scan log
New HijackThis log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Extreme Slow Down on PC. Require Assistance Please.

Unread postby makem2203 » August 29th, 2009, 5:51 pm

Hello, here is the info you asked for:
ComboFix log
Kaspersky Scan log
New HijackThis log

ComboFix 09-08-28.06 - calvin 29/08/2009 18:27.3.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2201 [GMT 1:00]
Running from: c:\users\calvin\Desktop\ComboFix.exe
Command switches used :: c:\users\calvin\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-29 17:34 . 2009-08-29 17:34 -------- d-----w- c:\users\calvin\AppData\Local\temp
2009-08-29 17:34 . 2009-08-29 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-29 17:34 . 2009-08-29 17:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-08-29 17:34 . 2009-08-29 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\.file_store_32
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\programdata\CCP
2009-08-26 20:04 . 2009-08-26 20:04 -------- d-----w- c:\users\calvin\AppData\Local\CCP
2009-08-26 18:17 . 2009-08-26 18:17 -------- d-----w- c:\windows\system32\Adobe
2009-08-26 02:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 23:10 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 23:10 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-25 11:46 . 2009-08-25 11:46 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 11:46 . 2009-08-25 11:46 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 11:46 . 2009-08-25 11:46 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-24 03:22 . 2009-08-24 03:22 -------- d-----w- c:\programdata\NortonInstaller
2009-08-20 22:41 . 2009-08-20 22:41 -------- d-----w- c:\program files\Sun
2009-08-19 01:33 . 2009-08-19 01:33 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-08-19 01:33 . 2009-08-19 01:33 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-08-19 01:33 . 2009-08-19 01:33 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-08-19 01:33 . 2009-08-19 01:41 -------- d-----w- c:\program files\Folder Lock 6
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\users\calvin\AppData\Roaming\Uniblue
2009-08-19 01:13 . 2009-08-19 01:13 -------- d-----w- c:\program files\Uniblue
2009-08-18 23:34 . 2009-08-18 23:34 -------- d-----w- c:\users\calvin\AppData\Local\RadarSync
2009-08-18 17:21 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 17:21 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 16:55 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 16:55 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 16:55 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 16:55 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 16:55 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 16:55 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 16:55 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 16:55 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 10:52 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl(189).dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-14 10:52 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32(190).dll
2009-08-14 10:52 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-14 10:52 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-14 10:52 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-14 10:52 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 22:40 . 2006-01-10 16:50 24576 ----a-r- c:\windows\system32\AsIO.dll
2009-08-13 22:40 . 2007-12-17 17:14 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2009-08-13 22:40 . 2009-08-17 00:43 -------- d-----w- c:\program files\ASUS
2009-08-13 22:30 . 2007-08-20 21:31 151552 ------r- c:\windows\system32\xRaidAPI.dll
2009-08-13 22:30 . 2007-08-30 00:57 1966080 ------r- c:\windows\system32\xRaidSetup.exe
2009-08-13 22:29 . 2007-08-31 18:58 63360 ----a-w- c:\windows\system32\drivers\jraid.sys
2009-08-13 22:29 . 2006-08-30 20:33 319984 ------r- c:\windows\system32\DifxApi.dll
2009-08-13 22:29 . 2009-08-13 22:30 -------- d-----w- c:\windows\RaidTool
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\profile
2009-08-13 22:16 . 2009-08-13 22:16 -------- d-----w- c:\program files\bin32
2009-08-13 22:15 . 2009-08-13 22:15 -------- d-----w- c:\program files\log
2009-08-13 22:13 . 2008-01-17 11:52 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2009-08-13 22:13 . 2008-01-17 11:43 353280 ----a-w- c:\windows\system32\idecoi.dll
2009-08-13 22:13 . 2008-01-29 12:55 1042464 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys
2009-08-13 22:13 . 2008-01-29 11:37 203264 ----a-w- c:\windows\system32\fdco1.dll
2009-08-13 22:05 . 2009-08-13 22:05 -------- d-----w- c:\windows\ASUSInstAll
2009-08-13 22:03 . 2009-08-13 22:03 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-13 22:03 . 2009-08-13 22:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-13 22:03 . 2009-08-13 22:03 -------- d-----w- c:\program files\Creative
2009-08-13 22:03 . 2007-07-03 12:11 1503232 ------w- c:\windows\system32\adi_oal.dll
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\programdata\SonicFocus
2009-08-13 22:00 . 2006-10-18 05:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2009-07-31 20:27 . 2009-07-31 20:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 19:55 . 2009-08-02 02:32 -------- d-----w- c:\users\calvin\AppData\Roaming\Hamachi
2009-07-31 19:33 . 2009-07-31 19:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-31 19:33 . 2009-07-31 19:34 -------- d-----w- c:\program files\Hamachi
2009-07-31 06:03 . 2009-08-02 09:49 -------- d-----w- c:\program files\Celtic Kings - Rage of War

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 17:08 . 2009-05-11 21:25 155810 ----a-w- c:\programdata\nvModes.dat
2009-08-29 17:08 . 2009-07-08 17:02 -------- d-----w- c:\programdata\Kaspersky Lab
2009-08-29 17:08 . 2007-10-30 02:57 -------- d-----w- c:\programdata\NVIDIA
2009-08-29 07:43 . 2008-07-02 17:51 34 ----a-w- c:\users\calvin\jagex_runescape_preferences.dat
2009-08-29 02:30 . 2007-12-18 13:12 -------- d-----w- c:\program files\Steam
2009-08-28 17:42 . 2007-12-18 13:12 -------- d-----w- c:\program files\Common Files\Steam
2009-08-27 12:19 . 2007-12-26 02:34 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 12:08 . 2008-11-14 16:24 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-20 22:40 . 2009-03-11 21:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 22:40 . 2007-12-25 17:02 -------- d-----w- c:\program files\Java
2009-08-19 12:23 . 2007-12-21 16:56 -------- d-----w- c:\program files\EA GAMES
2009-08-19 12:23 . 2007-10-30 02:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 17:02 . 2008-01-04 22:54 -------- d-----w- c:\users\calvin\AppData\Roaming\Ventrilo
2009-08-18 17:02 . 2009-03-19 18:25 -------- d-----w- c:\program files\Webshots
2009-08-18 17:02 . 2009-01-31 04:34 -------- d-----w- c:\program files\MTA San Andreas
2009-08-18 17:02 . 2008-11-23 23:58 -------- d-----w- c:\program files\PiraMod
2009-08-18 17:02 . 2008-11-18 21:28 -------- d-----w- c:\program files\Roger Wilco
2009-08-18 17:02 . 2007-12-20 19:32 -------- d-----w- c:\program files\PC Wizard 2008
2009-08-18 17:02 . 2009-07-16 22:22 -------- d-----w- c:\program files\Audacity
2009-08-18 17:02 . 2008-06-11 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 16:14 . 2008-06-25 02:11 -------- d-----w- c:\program files\wally
2009-08-14 17:44 . 2007-12-18 12:31 85184 ----a-w- c:\users\calvin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-14 17:03 . 2007-10-30 03:13 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 16:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-14 16:51 . 2007-10-30 03:04 -------- d-----w- c:\programdata\Sonic
2009-08-13 22:02 . 2009-08-13 22:01 -------- d-----w- c:\program files\Analog Devices
2009-08-02 14:47 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-02 03:59 . 2009-06-13 01:01 -------- d-----w- c:\users\calvin\AppData\Roaming\vlc
2009-07-31 19:51 . 2008-03-14 14:53 -------- d-----w- c:\users\calvin\AppData\Roaming\HamachiBackup
2009-07-30 00:43 . 2009-07-30 00:43 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-30 00:42 . 2007-10-30 02:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-30 00:42 . 2009-05-11 21:21 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 16:06 . 2009-07-29 11:00 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 11:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 02:53 . 2009-07-18 02:53 -------- d-----w- c:\users\calvin\AppData\Roaming\dBpoweramp
2009-07-18 02:17 . 2009-07-18 02:17 14362 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\users\calvin\AppData\Roaming\AccurateRip
2009-07-18 02:17 . 2009-07-18 02:17 -------- d-----w- c:\program files\dBpowerAMP
2009-07-18 02:16 . 2008-04-10 19:10 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-17 02:43 . 2009-07-17 02:43 58800 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\Program Files\YouTube Downloader\Uninstall.exe
2009-07-16 22:14 . 2008-06-06 23:30 -------- d-----w- c:\users\calvin\AppData\Roaming\TeamViewer
2009-07-14 18:54 . 2009-07-30 00:39 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-07-30 00:39 9557216 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-07-14 18:54 . 2009-07-30 00:39 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-14 18:54 . 2009-07-30 00:39 3287040 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-07-14 18:54 . 2009-07-30 00:39 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-07-30 00:39 10854400 ----a-w- c:\windows\system32\nvoglv32.dll
2009-07-14 18:54 . 2009-07-30 00:39 1983488 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-07-30 00:39 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-07-30 00:39 151552 ----a-w- c:\windows\system32\nvcod157.dll
2009-07-14 18:54 . 2009-07-30 00:39 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-04-30 21:02 7565824 ----a-w- c:\windows\system32\nvd3dum.dll
2009-07-14 18:54 . 2007-09-17 12:56 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-07-12 01:27 . 2007-12-18 16:33 -------- d-----w- c:\users\calvin\AppData\Roaming\Xfire
2009-07-11 18:05 . 2007-12-18 16:33 -------- d-----w- c:\programdata\Xfire
2009-07-10 06:01 . 2007-12-21 15:57 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-07-09 15:38 . 2009-05-24 14:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-09 15:38 . 2009-07-09 15:38 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-09 15:38 . 2009-07-09 15:38 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-08 18:10 . 2009-07-08 18:10 -------- d-----w- c:\program files\Ventrilo
2009-07-08 17:19 . 2009-07-08 17:19 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-08 17:19 . 2009-07-08 17:19 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-08 17:19 . 2009-07-08 17:19 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-08 17:19 . 2009-07-08 17:19 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-08 17:19 . 2009-07-08 17:19 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-08 17:17 . 2009-07-08 17:17 604140 --sha-w- c:\windows\system32\drivers\ISwift3(219).dat
2009-07-08 17:17 . 2009-07-08 17:17 604140 ------w- c:\windows\system32\drivers\ISwift3.dat
2009-07-08 17:02 . 2009-07-08 17:02 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-08 17:02 . 2009-07-08 17:02 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-08 17:02 . 2009-07-08 17:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-08 17:00 . 2009-07-08 17:00 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-07 07:44 . 2007-12-18 16:33 -------- d-----w- c:\program files\Xfire
2009-07-03 22:45 . 2009-07-03 22:15 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-03 22:44 . 2007-10-30 03:00 -------- d-----w- c:\program files\Microsoft Works
2009-07-03 22:17 . 2009-07-03 22:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-03 22:17 . 2009-07-03 22:17 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-07-03 22:17 . 2009-07-03 22:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-03 22:14 . 2009-07-03 22:14 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-15 15:24 . 2009-07-15 19:04 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 19:04 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:04 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume2\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2008-04-12 20:34 . 2008-04-12 20:34 1958 ----a-w- c:\program files\Craftyov.ini
2007-10-30 10:29 . 2007-10-30 10:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-27_02.38.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 02:51 . 2009-08-29 17:10 63830 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-10-30 02:51 . 2009-08-26 16:14 63830 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-29 17:10 97970 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-12-18 12:08 . 2009-08-26 16:14 18740 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-982722604-1779561880-2959229312-1002_UserData.bin
+ 2007-12-18 12:08 . 2009-08-29 17:10 18740 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-982722604-1779561880-2959229312-1002_UserData.bin
+ 2007-12-18 12:04 . 2009-08-29 03:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-18 12:04 . 2009-08-25 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-18 12:04 . 2009-08-25 00:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-18 12:04 . 2009-08-29 03:59 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-18 12:04 . 2009-08-25 00:32 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-18 12:04 . 2009-08-29 03:59 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-26 16:12 . 2009-08-26 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-29 17:08 . 2009-08-29 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-29 17:08 . 2009-08-29 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-26 16:12 . 2009-08-26 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 09:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43480A55-D18E-4381-AB74-6EAEAB13A0FC}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{94BD8721-F148-4A21-B5B1-A239604354F2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3199CA81-4A27-4637-B841-EFEB702E5E57}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{839F1242-517A-4F1F-8995-83FDEA08BCCC}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D1D1A9B9-AC79-4A8A-915F-B2C0501D8F02}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{ADC4A466-A878-45B7-A130-7B863F58E2BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{272D0250-963E-42C7-9EEC-2CBC1F788F8D}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{C8D66AF2-6429-49CF-9FE6-72067EF42934}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{CDF2F4D4-0BB9-4575-9D9E-10E1A6FDA319}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{9ECE737B-797A-4480-B932-1B28020E7977}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3FC60B1F-ACED-42F2-BB14-35253D316210}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E640E087-C970-439B-8241-71EB2C0848EA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{005B999A-7B78-4DDA-BDA1-B41E8496ECE6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EFA27614-A6B3-496D-BC7D-D27ABDEE76A8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BD165888-4E9D-4543-99D4-5AB5AD098B71}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4A073DF-BFE2-4720-B9D3-65049224AAD4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2DA94DD7-A362-4B13-AF84-53D669A850A5}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"UDP Query User{4B3F13BF-345A-430D-922C-BEB2E3DF5D1D}c:\\program files\\steam\\steamapps\\makem\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\half-life\hl.exe:Half-Life Launcher
"TCP Query User{0E4A6FB5-EB11-4F64-8465-61635F05A98C}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"UDP Query User{8B8E6930-FA96-4433-9E04-AC97E44C9C23}c:\\program files\\steam\\steamapps\\makem\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\garrysmod\hl2.exe:hl2
"TCP Query User{B0C52F1E-AD64-4DB2-870A-664539701806}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{77D0B016-3438-47F7-B16D-FB708863D9F0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{AB446EAD-07E8-42AD-8496-ADEFDD4D9166}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"UDP Query User{CE82983D-80D9-41E8-971E-42669BE20559}c:\\program files\\steam\\steamapps\\makem\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\makem\source sdk base\hl2.exe:hl2
"TCP Query User{4FFAB9F6-657F-43DA-A85A-36711A009448}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"UDP Query User{D8FA7994-23D8-46BA-A8D5-4A29CB23ADAF}c:\\program files\\steam\\steamapps\\elite265\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\elite265\half-life\hl.exe:Half-Life Launcher
"TCP Query User{67F1413A-B155-4EFA-BAD0-ACA86F5F7BBD}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{89255F13-64A6-4115-A6FC-0CBD921477D5}c:\\program files\\steam\\steamapps\\makem\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\makem\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{68F6696F-81E8-48E2-A68E-3DC4F4B94C72}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"UDP Query User{36DBA262-AD00-46A6-9616-37689CDB4BAE}c:\\program files\\steam\\steamapps\\elite265\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\elite265\source sdk base\hl2.exe:hl2
"{664B5C32-B9F5-4FF1-96CB-A386CA441CEF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EA35CA3E-D40B-4D7A-8E77-E7B922207AD9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE2B03C6-310E-44AA-9D4C-9D918B3992F4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4DE802B-8858-4687-9592-D0BF595961EA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{94AFC2F0-B542-4554-81EC-574767EDD81A}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"UDP Query User{67FB00BC-CC31-4301-9392-E835376EC248}c:\\program files\\steam\\steamapps\\ryanl0210\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ryanl0210\half-life\hl.exe:Half-Life Launcher
"{4B7CC11B-672E-41AE-A3EC-FE3FA2EBFD5F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B3155339-72BF-4EBF-BEE0-6DF37C3843D8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9FBE0042-13CF-4AEE-9DF3-141D2DB9A776}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BC1EBE39-FFAC-4620-92D0-EAE569272C3E}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1C065622-E6B5-4E07-8C7B-C7FBEEF0DB88}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{594F800B-FFBE-4F01-82D0-FF1FC83FCFA9}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{D4BB55E7-B4BA-4332-9C52-138C2A2BF893}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{53EA6DAF-A9AB-4DB9-8DA5-EA68511CDF7A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9D2624A0-1423-404B-9800-C44A5AA45FE9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F83CCC4E-9D8D-4E1C-9FCD-269A1F74A699}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{106C2E91-4D32-40F1-85E0-9E9D74FE3059}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{D929E63C-5900-43E9-B337-2380993C878E}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{B630214F-E41A-4E0F-BF81-B8BA19EC70C3}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{09310B8E-0F78-4823-ADE1-8A6156E9A8DA}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{4E403EF3-0064-4FA6-8E3B-3D73BAFDDA6F}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{47D46E80-19F9-4D2C-BBAA-7450ADC1058E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3DB4E2CA-F675-4F1D-BF84-E68B18F531B3}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{A003AE50-5E6E-4900-AA5C-698B9109D5C8}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{951A8900-A684-4117-892F-8E37ADEECCE4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{54F72831-2370-4A8B-9464-E2A94DB44D77}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3D1A82F7-B65A-4DE8-AE41-8E99E7844B33}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{D796AB85-CD79-46E0-8B88-6822C69DF159}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{0FE36651-F2FB-4048-8D83-ECB65D7E17E8}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{6B8BDCB2-47CA-4852-BB78-A089EE92D0F6}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{9CC62C32-25C3-42A3-84B5-0459319B0572}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{3A460F8F-09FF-4359-B6C8-F9E9057BB881}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{D446C5A9-62AB-4F30-B08E-E1AE85F6809C}"= UDP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{DA109A91-9CC7-495A-916B-B2ED0C532407}"= TCP:c:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{B0B4AF33-BA22-4C22-AC22-F25251E3445A}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6031D9FB-B78C-437F-BA2C-DA24B1270A7E}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 12:28 239648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/12/2008 09:49 185640]
R2 WinFLdrv;WinFLdrv;c:\windows\System32\WinFLdrv.sys [19/08/2009 02:33 10752]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
R3 RecFltr;Reclusa Keyboard;c:\windows\System32\drivers\RecFltr.sys [18/12/2007 13:37 41984]
S3 SaiH075C;SaiH075C;c:\windows\System32\drivers\SaiH075C.sys [18/11/2008 22:15 176640]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-10-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.runescape.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\calvin\AppData\Roaming\Mozilla\Firefox\Profiles\rf7ysydv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 18:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\users\calvin\AppData\Roaming\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3708)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2009-08-29 18:37
ComboFix-quarantined-files.txt 2009-08-29 17:37
ComboFix2.txt 2009-08-27 02:42

Pre-Run: 245,935,349,760 bytes free
Post-Run: 245,835,476,992 bytes free

383 --- E O F --- 2009-08-27 16:46

When I went to do the online scanner, I got the following message:


"Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.



You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]"

Due to this, I was unable to finish the update process.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:14, on 29/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 5810 bytes
makem2203

Re: Extreme Slow Down on PC. Require Assistance Please.

by jmw3 » August 30th, 2009, 1:30 am

Hi

If the Kaspersky scan is giving you problems, try this one:

ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Extreme Slow Down on PC. Require Assistance Please.

by chryssi2001 » September 3rd, 2009, 1:27 pm

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.