Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware causing CPU overload

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware causing CPU overload

Unread postby skip_ski73 » May 5th, 2010, 8:01 am

Hi,
PC Start up very slow (average boot time =90 mins)
CPU at 100% but not with one single process, CPU usage jumps from process to process, often with 4 or 5 processes indicated
Have run Anti-virus, spyware and adaware to no avail.
PC will boot into SafeMode with no anomalies other than the inability to connect to the internet.

Required info;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:33:14, on 05/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\My Documents II\F My Received Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win (User '?')
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User '?')
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-115176313-682003330-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-115176313-682003330-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-329068152-115176313-682003330-1003 Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\client.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\client.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live

Toolbar\Components\en-gb\msntabres.dll.mui/229?431d230c481348e2b2e28fb072f82d62
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live

Toolbar\Components\en-gb\msntabres.dll.mui/230?431d230c481348e2b2e28fb072f82d62
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/14b6b0f1a3e1d5078c ... xIE601.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 3670882453
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: [NOT FOUND] C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c985cd1448ccb8) (gupdate1c985cd1448ccb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.evolution2.com/tignes/

--
End of file - 12581 bytes

Acoustica Effects Pack
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
CDDRV_Installer
Clock Screen Saver
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Data Lifeguard
Desktop Currency Converter
DigiGuide TV Guide
Disk Cleaner (remove only)
DivX Codec
English2metric 1.0
erLT
EZT
FileZilla Client 3.2.8.1
FLV Player 2.0 (build 25)
Folder Marker v 1.4
Géorando - Isère / Savoie
Gestionnaire Internet
Glary Utilities 2.19.0.800
Google Desktop
Google Earth
Google SketchUp 7
Google Update Helper
Google Updater
HDD Health v2.1 Beta
Hex Workshop v6
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iDisk Utility for Windows
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 20
KhalInstallWrapper
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Livebox
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash MX 2004
MAGIX playR jukebox
MAGIX video deLuxe 2.0 OEM
Manuel de l'appareil Windows Mobile®
Map Button (Windows Live Toolbar)
Map Button (Windows Live Toolbar)
Matrox Graphics Software (remove only)
Media Library Management Wizard
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Beta 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.6.3)
MP3 To Wave Converter PLUS
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Navigateur Orange
Nero - Burning Rom (Web installer)
NVIDIA Windows 2000/XP Display Drivers
OneCare Advisor (Windows Live Toolbar)
Opera 9.0
PC Tools AntiVirus 6.1
Personal License Update Wizard for Windows Media Player
PNGGauntlet
Popup Blocker (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
PowerISO
QuickTime
Reason 1.0
Reason 2 CD1 +KeyGen
Sagem - 802.11g Wi-Fi USB Dongle LAN Utility
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SimCity 2000® Special Edition
Smart Menus (Windows Live Toolbar)
Smart Menus (Windows Live Toolbar)
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
SopCast 3.0.3
Stardock Central
Steam
StuffIt 7.0
SUPERAntiSpyware Free Edition
SWiSHmax
Tabbed Browsing (Windows Live Toolbar)
Tabbed Browsing (Windows Live Toolbar)
Total Recorder 4.2
Trust Flat Scan USB 19200
Uniblue RegistryBooster 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VIA Integrated Setup Wizard
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Infinite Menus
Vuze
WD Diagnostics
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Resource Kit Tools - SubInAcl.exe
Windows Script V5.6 Documentation
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
xVideoServiceThief
ZoneAlarm
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am
Advertisement
Register to Remove

Re: Malware causing CPU overload

Unread postby peku006 » May 9th, 2010, 3:56 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.


    Vuze

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 10th, 2010, 3:27 am

Hi,
P2P has been removed

Updated Uninstall List

Acoustica Effects Pack
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
CDDRV_Installer
Clock Screen Saver
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Data Lifeguard
Desktop Currency Converter
DigiGuide TV Guide
Disk Cleaner (remove only)
DivX Codec
English2metric 1.0
erLT
EZT
FileZilla Client 3.2.8.1
FLV Player 2.0 (build 25)
Folder Marker v 1.4
Géorando - Isère / Savoie
Gestionnaire Internet
Glary Utilities 2.19.0.800
Google Desktop
Google Earth
Google SketchUp 7
Google Update Helper
Google Updater
HDD Health v2.1 Beta
Hex Workshop v6
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iDisk Utility for Windows
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 20
KhalInstallWrapper
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Livebox
Logitech SetPoint
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash MX 2004
MAGIX playR jukebox
MAGIX video deLuxe 2.0 OEM
Manuel de l'appareil Windows Mobile®
Map Button (Windows Live Toolbar)
Map Button (Windows Live Toolbar)
Matrox Graphics Software (remove only)
Media Library Management Wizard
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Beta 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.6.3)
MP3 To Wave Converter PLUS
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Navigateur Orange
Nero - Burning Rom (Web installer)
NVIDIA Windows 2000/XP Display Drivers
OneCare Advisor (Windows Live Toolbar)
Opera 9.0
PC Tools AntiVirus 6.1
Personal License Update Wizard for Windows Media Player
PNGGauntlet
Popup Blocker (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
PowerISO
QuickTime
Reason 1.0
Reason 2 CD1 +KeyGen
Sagem - 802.11g Wi-Fi USB Dongle LAN Utility
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SimCity 2000® Special Edition
Smart Menus (Windows Live Toolbar)
Smart Menus (Windows Live Toolbar)
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
SopCast 3.0.3
Stardock Central
Steam
StuffIt 7.0
SUPERAntiSpyware Free Edition
SWiSHmax
Tabbed Browsing (Windows Live Toolbar)
Tabbed Browsing (Windows Live Toolbar)
Total Recorder 4.2
Trust Flat Scan USB 19200
Uniblue RegistryBooster 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Service
VIA Integrated Setup Wizard
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Infinite Menus
WD Diagnostics
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Resource Kit Tools - SubInAcl.exe
Windows Script V5.6 Documentation
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
xVideoServiceThief
ZoneAlarm
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby peku006 » May 14th, 2010, 10:27 am

Hi skip_ski73

Sorry for the delay, I have problems with my e-mail

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 17th, 2010, 10:05 am

Hi peku006,

OTL scan is still running (36 hours + ....)
Will post results when completed

Thanks Skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 18th, 2010, 4:33 pm

hi peku006

please find below the results requested

OTL logfile created on: 16/05/2010 04:15:37 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\My Documents II\F My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.76 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 103.54 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 879.58 Gb Free Space | 94.42% Space Free | Partition Type: NTFS

Computer Name: KEVBO
Current User Name: Kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\My Documents II\F My Received Files\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
PRC - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
PRC - C:\Program Files\Wanadoo\GestionnaireInternet.exe (France Télécom R&D)
PRC - C:\Program Files\Wanadoo\ComComp.exe (France Télécom R&D)
PRC - C:\Program Files\Common Files\Stardock\sdmcp.exe (Stardock)
PRC - C:\Program Files\Wanadoo\PollingModule.exe ()
PRC - C:\WINDOWS\system32\AlertModule\AlertModule.exe ()
PRC - C:\Program Files\Wanadoo\TaskBarIcon.exe (France Télécom R&D)
PRC - C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
PRC - C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)
PRC - C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
PRC - C:\WINDOWS\system32\mgabg.exe (Matrox Graphics Inc.)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - F:\My Documents II\F My Received Files\OTL(2).exe (OldTimer Tools)
MOD - C:\Program Files\PC Tools AntiVirus\PCTAVHook.dll (PC Tools Research Pty Ltd)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (PCTAVSvc) -- C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (PC Tools Research Pty Ltd)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (clr_optimization_v2.0.50215_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDSched) -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe (Raxco Software, Inc.)
SRV - (FTRTSVC) -- C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
SRV - (MGABGEXE) -- C:\WINDOWS\system32\mgabg.exe (Matrox Graphics Inc.)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (AVRec) -- C:\WINDOWS\system32\drivers\AVRec.sys (PC Tools Research Pty Ltd )
DRV - (AVHook) -- C:\WINDOWS\system32\drivers\AVHook.sys (PC Tools Research Pty Ltd.)
DRV - (AVFilter) -- C:\WINDOWS\system32\drivers\AVFilter.sys (PC Tools Research Pty Ltd)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (gameenum) Crystal SoundFusion(tm) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (G400DH) -- C:\WINDOWS\system32\drivers\g400dhm.sys (Matrox Graphics Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (Defrag32b) -- C:\WINDOWS\system32\drivers\defrag32b.sys (Raxco Software, Inc.)
DRV - (Defrag32) -- C:\WINDOWS\system32\drivers\defrag32.sys (Raxco Software, Inc.)
DRV - (WlanUIG) -- C:\WINDOWS\system32\drivers\WlanUIG.sys (Conexant Systems, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\viaudios.sys (VIA Technologies, Inc.)
DRV - (PL2302) -- C:\WINDOWS\system32\drivers\PL2302.sys (Prolific Technology Inc. (www.prolific.com.tw))
DRV - (cwcwdm) Crystal SoundFusion(tm) -- C:\WINDOWS\system32\drivers\cwcwdm.sys (Crystal Semiconductor Corp.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)
DRV - (STV680) -- C:\WINDOWS\system32\drivers\stv680.sys (STMicroelectronics )
DRV - (STV680m) -- C:\WINDOWS\system32\drivers\stv680m.sys (STMicroelectronics )
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (cwcspud) Crystal SoundFusion(tm) -- C:\WINDOWS\system32\drivers\cwcspud.sys (Crystal Semiconductor Corp.)
DRV - (ham50) -- C:\WINDOWS\system32\drivers\IntelH51.sys (Intel Corporation)
DRV - (GT680x) -- C:\WINDOWS\system32\drivers\Tr11691g.sys ( )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll ()
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.6.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.21
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 05:38:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/24 12:09:54 | 000,000,000 | ---D | M]

[2008/09/07 14:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Extensions
[2010/05/11 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions
[2010/02/06 12:39:28 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/28 10:49:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2006/07/31 21:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/11 19:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2007/10/26 16:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\cy-GB@dictionaries.addons.mozilla.org
[2007/10/26 14:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\EN-GB@~1.ORG
[2010/02/06 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\facepad@lazyrussian.com
[2010/02/06 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\personas@christopher.beard
[2008/02/23 11:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\translator@dontfollowme.net
[2008/06/24 09:02:46 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\searchplugins\wikipedia-en.xml
[2010/05/11 19:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/24 12:10:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/24 11:48:00 | 002,416,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2010/04/24 12:09:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/10/26 19:52:45 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/09/05 13:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2010/02/20 04:36:33 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2006/02/15 17:37:34 | 000,000,742 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-682003330-1003\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-329068152-115176313-682003330-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe (PC Tools Research Pty Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-329068152-115176313-682003330-1003..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKU\S-1-5-21-329068152-115176313-682003330-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-329068152-115176313-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-329068152-115176313-682003330-1003..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - Startup: C:\Documents and Settings\Kev\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Kev\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\client.exe (GipsyMedia Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-329068152-115176313-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-329068152-115176313-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-329068152-115176313-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150/14b6b0f1a3e1d5078c ... xIE601.cab (Reg Error: Key error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3670882453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5396412037 (Reg Error: Key error.)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/A ... gWXMSN.cab (BatchDownloader Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMe ... loader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: ([NOT FOUND] C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\MCPClient: DllName - C:\Program Files\Common Files\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\mcpcore.dll (Stardock)
O24 - Desktop Components:0 () - http://www.evolution2.com/tignes/
O24 - Desktop WallPaper: C:\Documents and Settings\Kev\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kev\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/01 21:18:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/23 08:32:14 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2100/02/08 15:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2010/05/11 19:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\QuickScan
[2010/04/24 12:09:54 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/24 12:09:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 12:09:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 12:09:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 12:09:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/23 22:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kev\My Documents\Vuze Downloads
[2010/04/23 22:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/23 22:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\Azureus
[2010/04/21 23:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/21 11:22:43 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/21 11:22:31 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/21 11:18:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2007/02/27 12:22:27 | 000,017,168 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Tr11691g.sys
[2005/06/02 23:48:57 | 000,047,616 | ---- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kev\My Documents\*.tmp files -> C:\Documents and Settings\Kev\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 19:12:39 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/18 19:06:08 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/05/18 18:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/05/18 09:49:25 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/18 07:35:35 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\{1D7BCB12-189B-4D3C-973D-A69DC4D9DF96}_KEVBO_Kev.job
[2010/05/18 02:39:57 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/15 13:43:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/13 18:32:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 09:39:09 | 023,592,960 | ---- | M] () -- C:\Documents and Settings\Kev\ntuser.dat
[2010/05/12 21:48:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/10 09:38:02 | 000,002,671 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\Sony Ericsson PC Suite.lnk
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/04 08:28:35 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\Synthèse des produits enfants et ados TIGNES et VAL D.doc
[2010/05/04 07:41:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kev\My Documents\~$nthèse des produits enfants et ados TIGNES et VAL D.doc
[2010/05/03 13:14:00 | 000,221,184 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\Questionnaire Analysis Proforma (Evo2).xls
[2010/05/03 12:10:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/05/03 11:06:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 10:47:38 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/03 10:45:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 10:44:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/03 10:43:21 | 1341,743,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 10:40:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kev\ntuser.ini
[2010/05/03 10:37:46 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gestionnaire Internet.lnk
[2010/05/03 10:04:55 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Navigateur Orange.lnk
[2010/05/02 08:25:29 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\Shortcut to siw.lnk
[2010/04/26 08:52:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/24 14:03:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/04/24 12:09:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 12:09:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 12:09:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 12:09:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/24 12:09:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/22 12:47:26 | 000,007,765 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Télégraph.ign
[2010/04/22 12:47:25 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Télégraph.ignwp
[2010/04/22 12:42:09 | 000,007,765 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Grand Balme Couloir.ign
[2010/04/22 12:42:09 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Grand Balme Couloir.ignwp
[2010/04/22 12:00:09 | 000,006,799 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Lavachet Couloir.ign
[2010/04/22 12:00:09 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Lavachet Couloir.ignwp
[2010/04/22 11:54:16 | 000,007,692 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril (Combefolle Variant).ign
[2010/04/22 11:54:16 | 000,002,460 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril (Combefolle Variant).ignwp
[2010/04/22 11:52:49 | 000,007,833 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril.ign
[2010/04/22 11:52:49 | 000,002,586 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril.ignwp
[2010/04/22 11:39:36 | 000,005,269 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir du Lac.ign
[2010/04/22 11:39:36 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir du Lac.ignwp
[2010/04/22 11:38:11 | 000,005,410 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Bowl (low).ign
[2010/04/22 11:38:11 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Bowl (low).ignwp
[2010/04/22 11:36:47 | 000,005,410 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir.ign
[2010/04/22 11:36:46 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir.ignwp
[2010/04/22 07:48:50 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\STM.lnk
[2010/04/21 11:22:28 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/21 11:22:25 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/21 11:18:41 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kev\My Documents\*.tmp files -> C:\Documents and Settings\Kev\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 13:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 14:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2010/05/04 07:41:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kev\My Documents\~$nthèse des produits enfants et ados TIGNES et VAL D.doc
[2010/05/03 13:22:00 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\Synthèse des produits enfants et ados TIGNES et VAL D.doc
[2010/05/03 13:14:00 | 000,221,184 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\Questionnaire Analysis Proforma (Evo2).xls
[2010/05/02 19:26:48 | 1341,743,104 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/02 08:25:29 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\Shortcut to siw.lnk
[2010/04/27 08:56:54 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\SUPERAntiSpyware.lnk
[2010/04/27 07:23:06 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gestionnaire Internet.lnk
[2010/04/27 07:20:23 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Navigateur Orange.lnk
[2010/04/24 11:39:37 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/22 12:47:26 | 000,007,765 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Télégraph.ign
[2010/04/22 12:47:25 | 000,002,334 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Télégraph.ignwp
[2010/04/22 12:42:09 | 000,007,765 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Grand Balme Couloir.ign
[2010/04/22 12:42:09 | 000,002,334 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Grand Balme Couloir.ignwp
[2010/04/22 12:00:09 | 000,006,799 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Lavachet Couloir.ign
[2010/04/22 12:00:09 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Lavachet Couloir.ignwp
[2010/04/22 11:54:16 | 000,007,692 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril (Combefolle Variant).ign
[2010/04/22 11:54:16 | 000,002,460 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril (Combefolle Variant).ignwp
[2010/04/22 11:48:34 | 000,007,833 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril.ign
[2010/04/22 11:48:34 | 000,002,586 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Toviere 2 Chevril.ignwp
[2010/04/22 11:39:36 | 000,005,269 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir du Lac.ign
[2010/04/22 11:39:36 | 000,000,486 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir du Lac.ignwp
[2010/04/22 11:38:11 | 000,005,410 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Bowl (low).ign
[2010/04/22 11:38:11 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Bowl (low).ignwp
[2010/04/22 11:36:47 | 000,005,410 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir.ign
[2010/04/22 11:36:46 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\STM O-P Chardonnet Couloir.ignwp
[2010/04/22 00:19:16 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/21 11:25:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/21 11:18:41 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/17 02:09:59 | 000,000,537 | ---- | C] () -- C:\WINDOWS\MRAPI32.INI
[2008/10/17 09:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2008/09/30 18:45:25 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/07/26 18:42:46 | 000,208,976 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/03/10 00:49:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/09/10 11:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ColorFax.ini
[2007/06/03 16:55:50 | 000,009,577 | ---- | C] () -- C:\WINDOWS\xtrkcad.ini
[2007/03/09 11:58:39 | 000,000,264 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2007/02/27 12:22:27 | 000,196,608 | ---- | C] () -- C:\WINDOWS\Ausba2.dll
[2007/02/27 12:22:27 | 000,011,460 | ---- | C] () -- C:\WINDOWS\Trust32.ini
[2007/02/27 12:22:27 | 000,002,485 | ---- | C] () -- C:\WINDOWS\Ausba2.INI
[2007/02/27 12:22:23 | 000,001,687 | ---- | C] () -- C:\WINDOWS\Tr11691S.INI
[2007/02/03 13:24:39 | 000,000,027 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2007/01/24 17:39:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/01/09 11:58:48 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/01/09 11:55:53 | 000,000,210 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007/01/09 11:55:52 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/10/31 17:07:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/01 16:41:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/23 21:55:37 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/05/03 20:58:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2006/03/15 16:48:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/15 16:48:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/11/20 20:03:07 | 000,000,207 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2005/09/27 13:23:49 | 000,042,794 | ---- | C] () -- C:\WINDOWS\php.ini
[2005/09/11 01:51:39 | 000,000,099 | ---- | C] () -- C:\WINDOWS\TrayServerData.ini
[2005/08/23 22:27:40 | 000,000,239 | ---- | C] () -- C:\WINDOWS\mix-fx.ini
[2005/07/05 12:00:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2005/06/02 23:48:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2005/05/18 00:06:53 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/05/16 19:19:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2005/05/16 19:10:39 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2005/05/13 16:24:33 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kev.ini
[2005/05/01 14:13:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/04/30 18:57:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/03 20:23:38 | 000,000,603 | ---- | C] () -- C:\WINDOWS\FNTNSTLR.INI
[2004/11/02 13:21:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6g.dll
[2004/11/02 13:16:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2004/11/02 13:16:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Aston Villa.ini
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/05/06 15:04:30 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2003/10/16 21:38:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/10/16 16:35:06 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2003/10/16 15:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GSP_ENG.INI
[2003/10/14 02:36:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2003/10/01 09:26:54 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Mros416.dll
[2003/09/24 12:47:50 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/09/23 02:31:28 | 000,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2003/09/22 20:33:06 | 000,080,538 | ---- | C] () -- C:\WINDOWS\vb700r.dll
[2003/09/15 12:09:54 | 000,000,023 | ---- | C] () -- C:\WINDOWS\RTD.ini
[2003/09/07 23:13:17 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2003/08/31 12:31:52 | 000,000,279 | ---- | C] () -- C:\WINDOWS\SC-INFO.INI
[2003/08/17 21:10:44 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Navigma.INI
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/08/07 12:38:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\DrvTrNTl.dll
[2003/08/07 12:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\REGKEYCR.INI
[2003/08/07 11:49:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/08/07 11:49:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2003/08/04 14:27:45 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2003/08/02 22:18:38 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/02 14:37:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/01 22:08:51 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2003/08/01 22:06:44 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2002/10/04 08:01:42 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/06/06 03:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002/03/19 17:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[1999/04/20 02:15:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/03/17 19:15:00 | 000,000,117 | ---- | C] () -- C:\WINDOWS\smp32.dll
[1997/07/28 01:00:00 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\OPENGL.DLL
[1997/07/28 01:00:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\GLU.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Unicode (All) ==========
[2007/02/06 14:14:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Kev\Application Data\T?sks) -- C:\Documents and Settings\Kev\Application Data\Tаsks
[2007/02/04 19:11:53 | 000,000,000 | ---D | M](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
[2006/12/23 00:19:08 | 000,000,000 | ---D | C](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
(C:\Documents and Settings\Kev\Application Data\T?sks) -- C:\Documents and Settings\Kev\Application Data\Tаsks

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >


OTL Extras logfile created on: 16/05/2010 04:15:38 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = F:\My Documents II\F My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0F:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.76 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 103.54 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 879.58 Gb Free Space | 94.42% Space Free | Partition Type: NTFS

Computer Name: KEVBO
Current User Name: Kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-329068152-115176313-682003330-1003\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Search Archives...] -- "C:\Program Files\Aladdin Systems\StuffIt 7.0\ArchiveSearch\archivesearch.exe" -dir "%L" (Aladdin Systems)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"18950:TCP" = 18950:TCP:*:Enabled:BitComet 18950 TCP
"18950:UDP" = 18950:UDP:*:Enabled:BitComet 18950 UDP
"23282:TCP" = 23282:TCP:*:Enabled:BitComet 23282 TCP
"23282:UDP" = 23282:UDP:*:Enabled:BitComet 23282 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp" = C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe:*:Enabled:Adobe Photoshop CS2 -- (Adobe Systems, Incorporated)
"C:\Program Files\Curious Labs\Poser 5\poser.exe" = C:\Program Files\Curious Labs\Poser 5\poser.exe:*:Enabled:Poser executable file -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\HighCriteria\TotalRecorder\TotalRecorder.exe" = C:\Program Files\HighCriteria\TotalRecorder\TotalRecorder.exe:*:Enabled:Total Recorder (Standard Edition) -- (High Criteria inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Kev\Desktop\My Mobile\MyMobiler\MyMobiler.exe" = C:\Documents and Settings\Kev\Desktop\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler -- ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08D5F916-8952-4EFD-B4E4-AFE5577DBB81}" = Visual Infinite Menus
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E691604-B328-4B4A-8F17-C9D6395075C5}" = Sagem - 802.11g Wi-Fi USB Dongle LAN Utility
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
"{2E48A9E4-C531-4B71-ADF1-F80403413914}" = Opera 9.0
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{309A8F38-1D24-4599-AC57-515D9183FF96}" = Trust Flat Scan USB 19200
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3F171960-DA83-4259-99AF-9DD8C6F6BA52}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CCD7A06-1C0E-4C6D-BBB9-1472A9685AF8}" = EZT
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{62CCEC33-5BA7-4890-A06C-34B8844462CE}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63BCC5DB-1371-4C0B-9123-F2B4DDF9F9B8}" = Smart Menus (Windows Live Toolbar)
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7374C760-F6DC-11D3-B526-006097B06BE3}" = StuffIt 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A1ADD0C-17F3-47B8-B033-A06E189C835D}" = Microsoft .NET Framework 2.0 Beta 2
"{7C79323D-E881-4290-B64E-0AB74464EF5A}" = Map Button (Windows Live Toolbar)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8CB86494-F15E-4DEC-8A7A-54AD5256790A}" = Popup Blocker (Windows Live Toolbar)
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B1ADC3B6-CBFD-431A-8E20-73059C55690C}" = iDisk Utility for Windows
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49E87AC-2A1B-4A11-B9F2-A75316319215}" = PNGGauntlet
"{C5543AEA-46CF-4214-B31D-1D48C64502AD}" = xVideoServiceThief
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE1B4A56-9F34-4E88-AD25-DA219320C68D}" = Reason
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D6CE1168-3ACD-4094-B7AF-7CC35BD4306D}" = Géorando - Isère / Savoie
"{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
"{DAE44BCE-6CD2-4AF0-9563-2B09433B94BB}" = Tabbed Browsing (Windows Live Toolbar)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2009
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = Livebox
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Acoustica Effects Pack" = Acoustica Effects Pack
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CUR_CONVERTER" = CUR_CONVERTER
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Desktop Currency Converter" = Desktop Currency Converter
"DigiGuide TV Guide" = DigiGuide TV Guide
"DiskCleaner" = Disk Cleaner (remove only)
"DivX Codec" = DivX Codec
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"English2metric" = English2metric 1.0
"Eye Candy 4000" = Eye Candy 4000
"FileZilla Client" = FileZilla Client 3.2.8.1
"FLV Player" = FLV Player 2.0 (build 25)
"Folder Marker_is1" = Folder Marker v 1.4
"FranceTelecomUninstall_FTBrowser" = Navigateur Orange
"GestionnaireInternet.exe" = Gestionnaire Internet
"Glary Utilities_is1" = Glary Utilities 2.19.0.800
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDD Health_is1" = HDD Health v2.1 Beta
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"LHTTSENG" = L&H TTS3000 British English
"MAGIX playR jukebox" = MAGIX playR jukebox
"MAGIX video deLuxe 2.0 OEM" = MAGIX video deLuxe 2.0 OEM
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Beta 2" = Microsoft .NET Framework 2.0 Beta 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 To Wave Converter PLUS" = MP3 To Wave Converter PLUS
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey" = Nero - Burning Rom (Web installer)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
"PowerISO" = PowerISO
"Reason 1.0" = Reason 1.0
"Reason 2 CD1 +KeyGen" = Reason 2 CD1 +KeyGen
"Scriptdoc" = Windows Script V5.6 Documentation
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimCity2000CDv1" = SimCity 2000® Special Edition
"SopCast" = SopCast 3.0.3
"Stardock Central" = Stardock Central
"SWiSHmax" = SWiSHmax
"TotalRecorder" = Total Recorder 4.2
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Update Service" = Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Manuel de l'appareil Windows Mobile®
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/05/2010 12:14:46 | Computer Name = KEVBO | Source = ESENT | ID = 489
Description = wuauclt (4064) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 15/05/2010 12:14:46 | Computer Name = KEVBO | Source = ESENT | ID = 455
Description = wuaueng.dll (4064) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 17/05/2010 16:42:14 | Computer Name = KEVBO | Source = ESENT | ID = 489
Description = wuauclt (244) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 17/05/2010 16:42:14 | Computer Name = KEVBO | Source = ESENT | ID = 455
Description = wuaueng.dll (244) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 17/05/2010 16:42:24 | Computer Name = KEVBO | Source = ESENT | ID = 489
Description = wuauclt (244) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 17/05/2010 16:42:24 | Computer Name = KEVBO | Source = ESENT | ID = 455
Description = wuaueng.dll (244) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 18/05/2010 09:21:27 | Computer Name = KEVBO | Source = ESENT | ID = 489
Description = wuauclt (2568) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/05/2010 09:21:27 | Computer Name = KEVBO | Source = ESENT | ID = 455
Description = wuaueng.dll (2568) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 18/05/2010 09:21:40 | Computer Name = KEVBO | Source = ESENT | ID = 489
Description = wuauclt (2568) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/05/2010 09:21:40 | Computer Name = KEVBO | Source = ESENT | ID = 455
Description = wuaueng.dll (2568) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 18/05/2010 12:30:13 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 12:50:49 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 13:12:24 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 13:30:49 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 13:51:12 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 14:10:44 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 14:30:41 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 14:50:15 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 15:10:43 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.

Error - 18/05/2010 15:30:00 | Computer Name = KEVBO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater
service to connect.


< End of report >


Thanks skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby peku006 » May 19th, 2010, 2:11 am

Hi skip

1 - Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform full scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 22nd, 2010, 3:40 am

Hi peku006,

Situation update;
I have had an external hard drive failure since my last post.
PC now boots at normal speed.
PC has however hung several times whilst running mbam.exe.
will post results whem mbam completes a full check.

Thanks
Skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 25th, 2010, 1:44 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/01/2002 07:19:05
mbam-log-2002-01-04 (07-19-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 244566
Time elapsed: 7 hour(s), 21 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Adobe\Illustrator CS\Plug-ins\Photoshop Filters\Unsharpen Mask.8bf (Trojan.Spambot) -> No action taken.
C:\Program Files\Cliprex DS DVD Player\reg.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\_deleteme.bat (Malware.Trace) -> No action taken.
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby peku006 » May 25th, 2010, 4:07 am

Hi Skip

you need to rerun MBAM, you did not let it clean what it found.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.

1 - Run Malwarebytes' Anti-Malware
  • Open Malwarebytes' Anti-Malware
  • Select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 25th, 2010, 3:04 pm

Hi peku,

oops..!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/01/2002 19:57:11
mbam-log-2002-01-04 (19-57-11).txt

Scan type: Quick scan
Objects scanned: 134759
Time elapsed: 48 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks Skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby peku006 » May 26th, 2010, 1:56 am

Hi Skip

1 - Clean temp files

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Image
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Eset online scannner report
2. a fresh HijackThis log

How's the computer running now?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 28th, 2010, 3:12 pm

Hi peku006,

PC status:
oot up down to 4 mins - previously around 9 mins,
CPU operating within normal limits,
RAM loading down around 30%.
Hangs after a variety of uptime, no obvious reason given in Event Viewer
Date and Time have reset to 00:00 01-01-2002 twice

Please find requested logs below:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c051b9212c901a4ca68687a4c5a396fe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2002-01-01 09:28:30
# local_time=2002-01-01 10:28:30 (+0100, Romance Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 0 0 0 0
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2561 16777173 100 85 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 15226 15226 0 0
# compatibility_mode=9217 16777214 75 59 0 0 0 0
# scanned=326950
# found=3
# cleaned=0
# scan_time=28894
C:\Documents and Settings\Kev\Local Settings\Application Data\Identities\{6B75BD8A-261D-4916-B62E-A423302CCB76}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Win32/Netsky.Q worm 00000000000000000000000000000000 I
C:\WINDOWS\gendel32.exe Win32/HackTool.Gendel.B trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\Process.exe Win32/PrcView application 00000000000000000000000000000000 I


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:04, on 01/01/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
F:\My Documents II\F My Received Files\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?431d230c481348e2b2e28fb072f82d62
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?431d230c481348e2b2e28fb072f82d62
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/14b6b0f1a3e1d5078c ... xIE601.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3670882453
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: [NOT FOUND] C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c985cd1448ccb8) (gupdate1c985cd1448ccb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.evolution2.com/tignes/

--
End of file - 11656 bytes


Thanks
Skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am

Re: Malware causing CPU overload

Unread postby peku006 » May 29th, 2010, 2:38 am

Hi Skip

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.


Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware causing CPU overload

Unread postby skip_ski73 » May 31st, 2010, 7:29 am

Hi peku006

Please find below requested combofix log;

ComboFix 10-05-30.05 - Kev 31/05/2010 12:43:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1280.776 [GMT 2:00]
Running from: c:\documents and settings\Kev\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kev\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{C8051~1
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\ecurit~1
c:\windows\Fonts\Beware.ttf
c:\windows\gendel32.exe
c:\windows\system32\components
c:\windows\system32\Process.exe
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-11 17:53 . 2010-05-13 09:53 -------- d-----w- c:\documents and settings\Kev\Application Data\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 11:05 . 2007-10-25 17:34 -------- d-----w- c:\program files\Wanadoo
2010-05-31 11:04 . 2010-04-01 21:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-31 11:02 . 2010-04-01 21:26 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-05-30 16:09 . 2008-11-27 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-06 08:36 . 2009-10-02 21:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 06:26 . 2006-03-11 18:22 -------- d-----w- c:\program files\SIW System Info
2010-05-01 14:44 . 2005-12-10 17:00 -------- d-----w- c:\program files\DigiGuide TV Guide
2010-04-29 14:39 . 2001-12-31 23:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2001-12-31 23:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 01:59 . 2010-04-23 20:09 -------- d-----w- c:\documents and settings\Kev\Application Data\Azureus
2010-04-24 10:11 . 2005-05-08 18:37 -------- d-----w- c:\program files\Common Files\Java
2010-04-24 10:09 . 2010-04-24 10:09 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 10:09 . 2005-05-08 19:09 -------- d-----w- c:\program files\Java
2010-04-23 20:10 . 2010-04-23 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-04-21 09:22 . 2010-04-21 09:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-21 09:22 . 2010-04-21 22:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-21 09:19 . 2003-09-29 19:45 -------- d-----w- c:\program files\Lavasoft
2010-04-21 09:18 . 2010-04-21 09:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-21 09:18 . 2008-11-09 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-21 09:09 . 2007-02-04 07:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-21 08:47 . 2004-11-02 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-21 08:47 . 2004-11-02 10:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-21 08:31 . 2008-06-08 11:04 -------- d-----w- c:\program files\AVG
2010-04-14 15:36 . 2003-10-17 09:48 -------- d-----w- c:\documents and settings\Kev\Application Data\Apple Computer
2010-04-03 13:47 . 2010-04-03 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 13:47 . 2008-02-27 18:02 -------- d-----w- c:\program files\iTunes
2010-04-03 13:45 . 2010-04-03 13:45 -------- d-----w- c:\program files\iPod
2010-04-03 13:45 . 2007-07-13 07:19 -------- d-----w- c:\program files\Common Files\Apple
2010-04-03 13:28 . 2006-06-05 14:39 -------- d-----w- c:\program files\QuickTime
2010-04-01 21:27 . 2010-04-01 21:27 -------- d-----w- c:\documents and settings\Kev\Application Data\PC Tools
2010-04-01 21:27 . 2010-04-01 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-01 21:26 . 2010-04-01 21:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-10 06:15 . 2003-08-01 19:47 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-14 08:11 . 2006-10-17 17:07 8704 -csha-w- c:\program files\Thumbs.db
2001-09-28 15:00 . 2005-05-01 11:39 164864 ----a-w- c:\program files\UNWISE.EXE
2001-06-20 11:28 . 2000-01-11 09:50 46 -c--a-w- c:\program files\ACMonitor_X73.ini
2001-06-12 12:28 . 2001-06-12 12:28 8154 -c--a-w- c:\program files\OsloD3069.usb
2001-05-11 08:39 . 2100-02-08 13:03 53248 -c--a-w- c:\program files\ACMonitor_X73.exe
2001-05-08 13:36 . 2000-12-05 12:56 114688 -c--a-w- c:\program files\lxarscan.dll
2001-04-23 11:22 . 2100-02-08 12:53 1437 -c--a-w- c:\program files\gtx73.ini
2001-02-22 06:54 . 2100-02-23 11:35 768 -c--a-w- c:\program files\x73_lut.dat
2009-11-16 03:55 . 2008-03-01 10:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2001-12-31 2397424]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Kev\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2003-8-7 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-7-11 565248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 11:15 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 12:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"PinnacleDriverCheck"=c:\windows\System32\PSDrvCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HighCriteria\\TotalRecorder\\TotalRecorder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Kev\\Desktop\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18950:TCP"= 18950:TCP:BitComet 18950 TCP
"18950:UDP"= 18950:UDP:BitComet 18950 UDP
"23282:TCP"= 23282:TCP:BitComet 23282 TCP
"23282:UDP"= 23282:UDP:BitComet 23282 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate1c985cd1448ccb8;Google Update Service (gupdate1c985cd1448ccb8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2005-02-09 241731]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 PL2302;Sitecom USB to USB Network cable CN-101v2;c:\windows\system32\DRIVERS\PL2302.sys [2003-05-07 11520]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-24 206256]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2001-12-31 67656]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-12 1291544]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-11-30 2368]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [2001-06-12 454815]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-09-02 379456]

.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:35]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]

2010-05-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-29 22:01]

2010-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 20:55]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:59]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 06:59]

2010-05-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-05-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18]

2010-05-27 c:\windows\Tasks\{1D7BCB12-189B-4D3C-973D-A69DC4D9DF96}_KEVBO_Kev.job
- c:\windows\system32\mobsync.exe [2003-07-31 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?431d230c481348e2b2e28fb072f82d62
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?431d230c481348e2b2e28fb072f82d62
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Kev\Application Data\Mozilla\Firefox\Profiles\qynt3rwa.default\extensions\personas@christopher.beard\defaults\preferences\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKLM-Run-DataLayer - c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 12:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-115176313-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-329068152-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Common Files\Stardock\mcpstub.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\progra~1\COMMON~1\Stardock\mcpcore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\Stardock\SDMCP.exe
c:\windows\System32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\mgabg.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-31 13:22:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-31 11:21

Pre-Run: 15,575,445,504 bytes free
Post-Run: 15,553,445,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 4CD37D607373F8BDC9FA78F4C9EEF459

Thanks

Skip
skip_ski73
Active Member
 
Posts: 12
Joined: May 5th, 2010, 7:25 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 73 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware