Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer keeps freezing

Started by glug , May 16 2010 02:27 PM

  • Please log in to reply

#1
glug
Posted 16 May 2010 - 02:27 PM

glug

    Member

  • Member
  • PipPip
  • 27 posts
Hi, first time here. I'm afraid I'm a bit of a computer idiot. My computer was working perfectly well for my purposes until one day last week when it suddenly froze. Since then it keeps doing it, no matter what program I'm using. I usually end up having to cose everything down or even switch off. It seems to start up normally again and it works for a bit and then something (no idea what) causes it to freeze again. I thought maybe I'd been infected with something (but can't be sure that's what the problem is) so...

I've followed all the instructions, removed my recently expired anti-virus program (Paretologic). The problem started whilst the AV was still valid and (supposedly) working. Downloaded all the recommended programs - MBAM (says everything's OK, Avast (found nothing), GMER (says there's something not right). So I'm posting all my logs here in the hope that someone can tell me if I am infected and if so what I should do about it. And if not, any suggestions would be welcome.
Incidentally, when I look at the processes running there seems to be loads, even when I'm not using anything except internet explorer - I don't know if this is normal. I've made sure not to download any programs I don't use that switch themselves on at start-up so not much is supposed to be running in the background. iexplore.exe seems to come up about 4 times on the list, even when there's only one tab open and scvhost.exe about 8 times (I have no idea what that is).
Logs:
mbam
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4104

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/05/2010 21:20:40
mbam-log-2010-05-15 (21-20-40).txt

Scan type: Quick scan
Objects scanned: 128415
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avast: nothing there

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 13:12:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Gaby\LOCALS~1\Temp\kgtcypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA9991CD6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA835CC7A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA999238C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA835CB36]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xA98FF730]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xA98FF8A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xA9900340]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA98FFF90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xA9900C60]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA9992504]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA835D0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA835D014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA835C70C]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xA98FDF80]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA9992450]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA835CC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA835C64C]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xA9900170]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA835C6B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xA9900910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA835CD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA835D1B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA9995D7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA835CCF0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xA9900C10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xA9900F90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xA9901560]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xA98FCC40]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA835CE70]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xA9900BC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xA98FE2F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xA9900760]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xA98FFA20]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xA98FBD40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xA98FBD50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xA98FBD60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xA98FBD80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xA98FBDA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xA98FBDD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xA98FBDE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xA98FBE00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xA98FBE10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xA98FBED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xA98FBFA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xA98FBFE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xA98FC020]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP A9901E80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP A9901980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A8366EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A8365536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2692] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [320] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [844] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1052] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1096] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1360] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1680] 0x10000000
Library C:\WINDOWS\system32\INetHTTPFilter.dll (*** hidden *** ) @ C:\Program Files\Skype\Phone\Skype.exe [2132] 0x02F30000

---- EOF - GMER 1.0.15 ----

OTL:

OTL logfile created on: 16/05/2010 21:18:28 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Gaby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 548.00 Mb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 48.31 Gb Free Space | 68.00% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.82 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GABYSMINI
Current User Name: Gaby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 21:14:50 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gaby\Desktop\OTL.exe
PRC - [2010/05/06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/02/18 09:28:14 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/10/20 19:32:54 | 002,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/07 03:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/09/17 14:25:46 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/09/17 14:25:46 | 000,580,200 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/22 01:44:30 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/05/21 05:02:08 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/21 05:40:30 | 000,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 21:14:50 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gaby\Desktop\OTL.exe
MOD - [2008/09/17 14:19:50 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0008761242033362mcinstcleanup) McAfee Application Installer Cleanup (0008761242033362)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/04/21 09:09:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/03 23:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/04/21 09:09:00 | 000,297,344 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/04/06 15:41:26 | 000,089,192 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/04/06 15:41:26 | 000,056,808 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/02/18 14:41:10 | 000,186,128 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/09/23 21:23:58 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/28 19:18:14 | 000,224,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/27 00:35:00 | 004,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/29 16:59:08 | 000,879,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/29 16:59:02 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/27 00:29:54 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/27 00:29:36 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/07/27 00:29:28 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 14:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/15 04:01:02 | 000,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2005/10/27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...r...N&bmod=SMSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....m...om&.intl=uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/12/13 22:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/04/22 20:25:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote3\enbar.dll (Evernote Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238591713421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gaby\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gaby\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/12 20:26:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14628aca-4055-11de-80a0-002119324322}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{9b131888-2c59-11de-807c-002119324322}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 21:14:17 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gaby\Desktop\OTL.exe
[2010/05/16 10:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaby\Desktop\gmer
[2010/05/16 10:23:56 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/16 10:23:55 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/16 10:23:54 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/16 10:23:52 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/16 10:23:50 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/16 10:23:50 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/16 10:23:49 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/16 10:23:37 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/16 10:23:37 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/16 10:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/16 10:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/16 10:01:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/15 20:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaby\Application Data\Malwarebytes
[2010/05/15 20:13:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/15 20:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/15 20:13:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/15 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/15 20:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/15 20:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/11 11:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/04/22 20:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/22 20:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/04 21:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaby\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/04/04 21:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2010/04/04 21:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/01 10:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/08 17:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/03/08 17:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaby\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 21:14:50 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gaby\Desktop\OTL.exe
[2010/05/16 21:04:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12D0CE38-76C1-48A8-B2F7-FE87AB6C933E}.job
[2010/05/16 19:20:20 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/16 19:20:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/16 19:20:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 19:20:04 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/16 19:12:13 | 051,136,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/16 15:22:16 | 001,341,728 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/16 10:55:29 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Gaby\Desktop\gmer.zip
[2010/05/16 10:23:56 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/16 10:23:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/15 21:05:26 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Gaby\NTUSER.DAT
[2010/05/15 20:56:37 | 000,004,501 | ---- | M] () -- C:\rollback.ini
[2010/05/15 20:49:21 | 000,123,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/15 20:49:20 | 000,684,200 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/15 20:49:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gaby\ntuser.ini
[2010/05/13 10:21:35 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Gaby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 10:13:06 | 003,767,196 | -H-- | M] () -- C:\Documents and Settings\Gaby\Local Settings\Application Data\IconCache.db
[2010/05/09 16:46:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 21:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 13:53:05 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Camera.lnk
[2010/04/25 21:57:14 | 000,005,792 | ---- | M] () -- C:\Documents and Settings\Gaby\My Documents\TV Theme.Theme
[2010/04/22 20:25:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/04/14 16:46:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/05 17:34:57 | 000,005,781 | ---- | M] () -- C:\Documents and Settings\Gaby\My Documents\Notebook theme.Theme
[2010/04/05 10:14:09 | 000,052,992 | ---- | M] () -- C:\Documents and Settings\Gaby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/05 10:13:14 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/04 22:40:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/04 21:09:22 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BBC iPlayer Desktop.lnk
[2010/04/01 10:11:47 | 000,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/01 10:11:47 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/01 10:11:47 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/07 21:47:15 | 156,607,328 | ---- | M] () -- C:\Documents and Settings\Gaby\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 10:55:28 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Gaby\Desktop\gmer.zip
[2010/05/16 10:23:56 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/22 20:23:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/04/05 17:18:33 | 000,005,792 | ---- | C] () -- C:\Documents and Settings\Gaby\My Documents\TV Theme.Theme
[2010/04/05 17:06:40 | 000,005,781 | ---- | C] () -- C:\Documents and Settings\Gaby\My Documents\Notebook theme.Theme
[2010/04/04 21:09:22 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BBC iPlayer Desktop.lnk
[2010/03/07 21:39:23 | 156,607,328 | ---- | C] () -- C:\Documents and Settings\Gaby\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_en-US.exe
[2009/07/27 14:13:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2009/05/14 09:06:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/26 10:31:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/08 10:04:44 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/08 10:04:35 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/08 10:04:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/08 10:04:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/08 10:04:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/08 10:04:31 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/02 00:53:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Pete_KBD.ini
[2009/04/01 13:14:21 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Gaby_KBD.ini
[2009/02/26 20:13:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/12 20:37:53 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/02/12 20:37:53 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009/02/12 20:37:51 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/02/12 20:37:51 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/02/12 20:37:51 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/02/12 20:37:51 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/02/12 20:37:51 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/02/12 20:37:51 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/02/12 20:37:51 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/02/12 20:37:51 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/02/12 20:37:51 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/02/12 20:37:51 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/02/12 20:37:51 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/02/12 20:37:51 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/02/12 20:37:51 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/02/12 20:37:51 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/02/12 20:37:51 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/02/12 20:37:51 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/02/12 20:37:51 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/02/12 20:35:41 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/02/12 20:35:41 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/02/12 20:32:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/02/12 20:29:56 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/02/12 19:06:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/02/12 19:05:50 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2009/02/12 19:05:50 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/02/12 19:05:50 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2009/02/12 19:05:50 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/02/12 19:05:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/09/17 14:20:08 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/16 10:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/07/27 15:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/11 12:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/05/16 10:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/11 10:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/02/12 20:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2009/11/07 00:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\Amazon
[2010/04/04 21:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/12/13 22:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\eMusic
[2009/10/03 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\Fotoinsight
[2009/10/10 16:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\MyPublisher
[2010/01/26 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\OpenOffice.org
[2009/05/11 12:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\ParetoLogic
[2009/04/14 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaby\Application Data\Trusteer
[2010/05/16 19:20:20 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/05/16 21:04:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{12D0CE38-76C1-48A8-B2F7-FE87AB6C933E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/02/12 20:26:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/19 10:38:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/02/12 20:26:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/16 19:20:04 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/12 20:26:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/16 15:22:21 | 000,000,450 | ---- | M] () -- C:\LOG8.log
[2009/02/12 20:26:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 19:20:03 | 3196,059,648 | -HS- | M] () -- C:\pagefile.sys
[2009/10/29 13:54:55 | 000,001,218 | ---- | M] () -- C:\Rescued document.txt
[2010/05/15 20:56:37 | 000,004,501 | ---- | M] () -- C:\rollback.ini
[2009/02/12 20:35:42 | 000,000,173 | ---- | M] () -- C:\Setup.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/12 12:17:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/12 12:17:27 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/12 12:17:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 21:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 21:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 21:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

OTL extra:

OTL Extras logfile created on: 16/05/2010 21:18:28 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Gaby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 548.00 Mb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 48.31 Gb Free Space | 68.00% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.82 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GABYSMINI
Current User Name: Gaby
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoinsight Designer] -- "C:\Program Files\Fotoinsight Designer\Fotoinsight Designer\Fotoinsight Designer.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9CAC71E9-D196-472E-845C-5462356B2AE1}" = Easy Resolution Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"avast5" = avast! Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"ERUNT_is1" = ERUNT 1.1j
"Fotoinsight Designer" = Fotoinsight Designer
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Rapport_is1" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 16/05/2010 08:40:54 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 08:43:24 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 08:45:55 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 08:48:55 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 08:52:25 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 08:55:56 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 09:00:26 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 09:05:27 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 09:11:27 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 16/05/2010 09:21:34 | Computer Name = GABYSMINI | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.


< End of report >

This is all double dutch to me so I'm very grateful for any help.

Thanks.
  • 0

Advertisements

#2
emeraldnzl
Posted 25 May 2010 - 07:50 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello glug (love the psuedonym),

Welcome to the Malware Forum.

iexplore.exe seems to come up about 4 times on the list, even when there's only one tab open and scvhost.exe about 8 times (I have no idea what that is).


Those are legimate files. It is quite normal to see multiple instances of them running. Looking at my Task Manager I see 7 instances of scvhost running right now. Sometimes malware can be a cause but it's more likely that its just various services being used by your computer at the time you are looking, see link below:

http://www.winhelpon...net-explorer-8/

http://support.microsoft.com/kb/314056

It seems to start up normally again and it works for a bit and then something (no idea what) causes it to freeze again.


Is this still happening or has it stopped since you uninstalled Paretologic?

I thought maybe I'd been infected with something (but can't be sure that's what the problem is) so...


Unless I am missing something I don't see any infection there. Which files in particular were you worried about?

Let's see if this will tell us anything.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit > Select All.
Go File > Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
  • 0

#3
glug
Posted 27 May 2010 - 05:09 AM

glug

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
thanks for the reply emeraldnzl,
I'll do as you suggest when I'm home again (unfortunately, because nobody replied I'm now on holiday and don't have my laptop with me. Things did improve slightly after I UNinstalled Paretologic but it is still sometimes impossibly slow for no apparent reason so I'll try your suggestion when we get home mid-June.
Thanks again.

Edited by glug, 31 May 2010 - 12:18 PM.

  • 0

#4
emeraldnzl
Posted 27 May 2010 - 01:41 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)
  • 0

#5
glug
Posted 13 June 2010 - 03:52 AM

glug

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi emeraldnzl,
I'm back from hols and I've just done what you suggested above so here it is. Hope you're still around.

==================================================
Dump File : Mini072409-01.dmp
Crash Time : 24/07/2009 16:51:15
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0x80000004
Parameter 2 : 0x80707ae1
Parameter 3 : 0xa8825708
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+8ae1
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2111)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini072409-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

==================================================
Dump File : Mini072509-01.dmp
Crash Time : 24/07/2009 16:50:26
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code : 0x000000ea
Parameter 1 : 0x84ccb8a8
Parameter 2 : 0x86156820
Parameter 3 : 0x8604e338
Parameter 4 : 0x00000001
Caused By Driver : igxpdv32.DLL
Caused By Address : igxpdv32.DLL+1f2dc
File Description : Component GHAL Driver
Product Name : Intel Graphics Accelerator Drivers for Windows NT®
Company : Intel Corporation
File Version : 6.14.10.4926
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini072509-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
==================================================

\thanks,
Glug
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP