
Malware/Trojan--PC freezes have to restart



#1
cocofruit

Appreciate the help in advance!!! You guys helped me out several years ago and you're GREAT!!!


Recently bought a used laptop running XP. It may have malware/trojan. Previous owner installed lots of games & AOL stuff. I deleted as many useless programs as I could---but some are still left.

PROBLEM:

PC freezes upon startup AND when connecting to the internet. I have to shut down with the power button and then restart, sometimes more than once, in order for it to connect properly. Started happening after a program called "performance driver" was loaded into my system disguised as an update for Firefox. I deleted the program through Add/Remove Programs, but I'm still having major problems with the system freezing.

Ran Malwarebytes and it detected 238 adware, which I removed. Ran it again and it said -0-.

Also, what are these startup items in msconfig??

NA
ctfmon
MSKdetct---disabled this one


Finally I couldn't connect at all [froze completely]---so I did a system restore in safe mode and set the system back to the day I bought it a week ago. It worked and got the laptop to function, but it's still acting funny.

Wipedrive program was previously used by the store I bought it from to wipe the system clean. I deleted that program since it took 83 mgs of memory.

Frustrated, please help!! Trying to avoid a recovery.


--------------------------------------------------------------------------------------------------------


OTL logfile created on: 7/17/2011 5:49:55 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner-1\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 190.20 Mb Available Physical Memory | 18.75% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 40.90 Gb Free Space | 76.86% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 6.83 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: LOVEGIFT | User Name: Owner-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 17:46:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner-1\My Documents\Downloads\OTL.exe
PRC - [2011/07/14 23:02:20 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/07/12 05:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/12 02:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/06/07 21:05:52 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdmcoms.exe
PRC - [2007/06/07 21:05:44 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmserv.exe
PRC - [2006/11/17 04:36:58 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/23 20:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2005/12/27 11:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/05 08:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 17:46:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner-1\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 08:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/14 23:02:20 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/07 21:05:52 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/06/07 21:05:44 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2006/11/17 04:36:58 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 22:38:48 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/12/04 20:30:09 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/12/04 20:30:09 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2006/10/16 14:16:04 | 000,017,359 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/09/08 14:06:16 | 000,082,432 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u20.sys -- (SWNC8U20) Sierra Wireless MUX NDIS Driver (UMTS20)
DRV - [2006/09/08 14:06:16 | 000,066,304 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/15 16:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 20:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/04/05 02:46:30 | 000,163,840 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)
DRV - [2006/01/22 17:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...ys=PTB&M=MX6958
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6958
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/23 08:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 23:13:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/10 23:07:37 | 000,000,000 | ---D | M]

[2011/07/10 23:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Extensions
[2011/07/14 18:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions
[2011/07/13 21:17:28 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/13 21:04:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/10 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/19 05:24:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/10 22:39:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER-1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TQMK4XYC.DEFAULT\EXTENSIONS\[email protected]
[2009/09/02 05:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - File not found
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [dcsm] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.191.7.12 131.191.7.194 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 22:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/07/14 23:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/07/14 23:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/07/14 23:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2010
[2011/07/14 22:38:48 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/14 22:30:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/07/14 22:09:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/14 22:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/14 22:09:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/14 22:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 01:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Malwarebytes
[2011/07/14 01:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/13 22:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner-1\My Documents\My Videos
[2011/07/13 22:26:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/07/11 21:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2011/07/11 21:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\AdobeUM
[2011/07/11 19:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Adobe
[2011/07/11 10:38:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner-1\IECompatCache
[2011/07/11 01:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/07/11 01:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/07/11 00:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/10 23:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/10 23:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/07/10 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/07/10 23:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\My Documents\Downloads
[2011/07/10 23:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Mozilla
[2011/07/10 23:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Mozilla
[2011/07/10 22:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Macromedia
[2011/07/10 21:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\PriceGong
[2011/07/10 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Adobe
[2011/07/10 21:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner-1\PrivacIE
[2011/07/10 21:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Conduit
[2011/07/10 21:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/06/17 18:03:50 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2009/06/17 18:03:50 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2009/06/17 18:03:50 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2009/06/17 18:03:49 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2009/06/17 18:03:49 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2009/06/17 18:03:49 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2009/06/17 18:03:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2009/06/17 18:03:49 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2009/06/17 18:03:49 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmih.exe
[2009/06/17 18:03:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2009/06/17 18:03:48 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2009/06/17 18:03:48 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe
[2009/06/17 18:03:48 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcfg.exe
[2009/06/17 18:03:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 17:43:36 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Owner-1\My Documents\geeks.rtf
[2011/07/17 17:12:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/17 17:02:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 17:01:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/17 17:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 17:01:36 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 22:04:43 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/07/15 00:06:46 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 23:17:05 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/14 23:16:38 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/14 23:16:37 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\ZoneAlarm Security.lnk
[2011/07/14 23:02:14 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/14 23:02:14 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/14 22:38:48 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/14 22:09:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 19:26:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 22:26:26 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\Windows Media Player.lnk
[2011/07/11 01:26:26 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/07/11 01:26:26 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk
[2011/07/11 01:21:01 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 01:21:01 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/10 23:34:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareBlaster.lnk
[2011/07/10 23:13:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/10 23:07:32 | 000,000,173 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/10 22:48:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\My Computer.lnk
[2011/07/10 21:43:49 | 000,158,240 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 17:34:00 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\Owner-1\My Documents\geeks.rtf
[2011/07/15 22:05:44 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/14 23:16:37 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\ZoneAlarm Security.lnk
[2011/07/14 23:16:21 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/14 22:40:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/14 22:40:20 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/14 22:09:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/11 18:19:03 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/07/11 18:19:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/07/11 18:19:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/11 18:19:02 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/07/11 18:18:57 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/07/11 18:18:56 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/07/11 18:18:56 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/07/11 18:18:56 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/07/11 18:18:56 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/07/11 18:18:56 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/07/11 18:18:56 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/07/11 18:18:56 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/07/11 18:18:56 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/07/11 18:18:56 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/07/11 18:18:56 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/07/11 18:18:56 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/07/11 18:18:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/07/11 18:18:55 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/07/11 18:18:55 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/07/11 18:18:53 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/07/11 18:18:53 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/07/11 18:18:53 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/07/11 18:18:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/11 18:18:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/11 01:26:26 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/07/11 01:26:26 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk
[2011/07/10 23:42:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/10 23:34:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareBlaster.lnk
[2011/07/10 23:21:04 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\Internet Explorer.lnk
[2011/07/10 23:13:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/10 23:13:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/10 23:07:32 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/10 22:48:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\My Computer.lnk
[2010/05/31 04:43:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/04 20:33:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/06/17 18:05:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2009/06/17 18:05:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2009/06/17 18:04:31 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2009/06/17 18:04:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2009/06/17 18:04:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2009/06/17 18:03:50 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2009/06/17 18:03:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2007/10/19 05:24:35 | 000,003,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/07 17:30:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/30 12:09:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/17 04:42:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/17 04:34:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/17 04:32:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/11/17 04:29:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/10 23:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/11 10:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner-1\Application Data\PriceGong
[2006/12/18 12:23:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

========== Purity Check ==========



< End of report >
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I would uninstall
Zone Alarm (replace with the free Online Armor if you feel the need for a firewall but Kaspersky usually has its own.)
SpywareGuard
Download Manager
Real Player
anything from google



Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - File not found
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - File not found
O4 - HKLM..\Run: [dcsm] File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d986342-762d-11db-9cd6-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0
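Several lines in the `:OTL` fix list of the post above end in "File not found", "No CLSID value found" or "Reg Error", while others still name a file on disk. As an added example (not part of the original post and not OTL's own code), this Python script parses a subset of those lines and separates the two kinds, grouping unresolved references by CLSID regardless of letter case; the field names and the "unresolved"/"file" labels are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Entries copied unmodified from the ":OTL" fix list in the post above (a subset).
FIX_LIST = r"""
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - File not found
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - File not found
O4 - HKLM..\Run: [dcsm] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found
"""

# "O<number> - <rest>" is the shape of every entry line in the fix list.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in an extension, followed by "(vendor)" at end of line.
# [^=] keeps the match from running across the "shortcut = target" separator.
TARGET_RE = re.compile(r"([A-Za-z]:\\[^=]*?\.\w{2,4})\s*\(([^()]*)\)\s*$")
# Texts OTL prints on the page when it could not resolve an entry.
UNRESOLVED_MARKERS = ("File not found", "No CLSID value found", "Reg Error")


def parse_entry(line):
    """Return a dict describing one fix-list line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    guid = GUID_RE.search(rest)
    entry = {
        "section": section,
        # Normalise case so the same CLSID written two ways groups together.
        "guid": guid.group(0).upper() if guid else None,
        "status": "other",
        "detail": rest,
        "vendor": None,
    }
    marker = next((mk for mk in UNRESOLVED_MARKERS if mk in rest), None)
    target = TARGET_RE.search(rest)
    if marker:
        entry.update(status="unresolved", detail=marker)
    elif target:
        entry.update(status="file", detail=target.group(1),
                     vendor=target.group(2).strip() or None)
    return entry


def parse_fix_list(text):
    """Parse every entry line in a pasted fix list, skipping blanks and directives."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def summarize(entries):
    """Count entries per status and list the sections each unresolved CLSID appears in."""
    counts = Counter(e["status"] for e in entries)
    by_guid = defaultdict(list)
    for e in entries:
        if e["status"] == "unresolved" and e["guid"]:
            by_guid[e["guid"]].append(e["section"])
    return counts, dict(by_guid)


if __name__ == "__main__":
    parsed = parse_fix_list(FIX_LIST)
    totals, guids = summarize(parsed)
    print(dict(totals))
    for e in parsed:
        print(f'{e["section"]:>3}  {e["status"]:<10}  {e["detail"]}')
    for guid, sections in guids.items():
        print(guid, "->", ", ".join(sections))
```

Entries classified "file" still reference a binary that exists on disk, so they are the ones to read individually rather than in bulk.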

#3
cocofruit


    Member

  • Topic Starter
  • Member
  • 19 posts
HI RON!! Thanks a bunch for helping me so quickly! :)

Following your instructions---but hit a snag with MBAM

I removed my old copy and installed a fresh copy of Malwarebytes.

After about 12 minutes of running a full scan it froze twice.

I will install another copy and try again. If that does not work

please advise an alternative.
  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Try it in Safe Mode with Networking. http://www.computerh...sues/chsafe.htm
If it still won't work then go on to the next program.

Ron
  • 0

#5
cocofruit


    Member

  • Topic Starter
  • Member
  • 19 posts
Hi Ron! I finally got MBAM to work. I had to delete zone alarm, cut off KAV & disconnect from the internet--but it ran.

Disk Check stopped at stage 4---24%. I let it run for over an hour [twice] and it just hung. Advise please!

Should I continue on the list? Only have a few more things left. I can post what logs I have. Let me know.



Spywareguard repeatedly popping up during combo fix, saying "IE search bar had changed"

It does NOT appear in add/delete programs. How do I completely remove this program? causing problems :)---thanks

Edited by cocofruit, 18 July 2011 - 11:44 PM.

  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Post what logs you have.

As far as the disk check. Sometimes you have to go into the Recovery Console in order to get it to work. That ensures that nothing else can interfere.

When you ran Combofix it should have installed the Recovery Console (if not, run it again and let it install).
Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

chkdsk /r

Check disk should run. Don't remember if it reboots when it finishes, but if not you can just type:

exit

Ron
  • 0

#7
cocofruit


    Member

  • Topic Starter
  • Member
  • 19 posts
I'll try again & run chkdsk through the recovery console and see if that works.

Here are the logs I have---btw, I'm a fellow Washingtonian :) ---the San Juan islands are beautiful.

---------------------------------------------------------

OTL logfile created on: 7/18/2011 5:51:21 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner-1\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 504.11 Mb Available Physical Memory | 49.71% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 41.11 Gb Free Space | 77.24% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 6.83 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: LOVEGIFT | User Name: Owner-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/17 17:46:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner-1\My Documents\Downloads\OTL.exe
PRC - [2011/07/14 23:02:20 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/12 02:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/06/07 21:05:52 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdmcoms.exe
PRC - [2007/06/07 21:05:44 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmserv.exe
PRC - [2006/11/17 04:36:58 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/02 01:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 01:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 01:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/05/23 20:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2005/12/27 11:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/12 13:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/11/05 08:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/07/17 17:46:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner-1\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 08:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/14 23:02:20 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/07 21:05:52 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/06/07 21:05:44 | 000,099,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2006/11/17 04:36:58 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/10/12 13:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/07/14 22:38:48 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/12/04 20:30:09 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/12/04 20:30:09 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2006/10/16 14:16:04 | 000,017,359 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/09/08 14:06:16 | 000,082,432 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u20.sys -- (SWNC8U20) Sierra Wireless MUX NDIS Driver (UMTS20)
DRV - [2006/09/08 14:06:16 | 000,066,304 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/15 16:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 20:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/04/05 02:46:30 | 000,163,840 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)
DRV - [2006/01/22 17:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/09/21 01:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...ys=PTB&M=MX6958
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6958
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/18 04:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/18 04:54:25 | 000,000,000 | ---D | M]

[2011/07/10 23:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Extensions
[2011/07/14 18:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions
[2011/07/13 21:17:28 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/13 21:04:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/10 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/19 05:24:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/10 22:39:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER-1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TQMK4XYC.DEFAULT\EXTENSIONS\[email protected]
[2009/09/02 05:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/18 05:45:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.191.7.12 131.191.7.194 8.8.8.8
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner-1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 05:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/18 05:41:46 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner-1\Desktop\procexp.exe
[2011/07/18 05:41:09 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner-1\Desktop\VEW.exe
[2011/07/18 05:39:22 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner-1\Desktop\aswMBR.exe
[2011/07/18 05:36:40 | 004,155,513 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner-1\Desktop\george.exe.exe
[2011/07/18 05:25:55 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner-1\Desktop\mbam-setup-1.51.1.1800(1).exe
[2011/07/18 04:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Real
[2011/07/15 22:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/07/14 23:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/07/14 23:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/07/14 23:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/07/14 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2010
[2011/07/14 22:38:48 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/14 22:30:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/07/14 22:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 01:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Malwarebytes
[2011/07/14 01:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/13 22:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner-1\My Documents\My Videos
[2011/07/13 22:26:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/07/11 21:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2011/07/11 21:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\AdobeUM
[2011/07/11 19:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Adobe
[2011/07/11 10:38:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner-1\IECompatCache
[2011/07/11 01:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2011/07/11 01:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
[2011/07/11 00:01:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/10 23:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/10 23:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/07/10 23:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/07/10 23:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\My Documents\Downloads
[2011/07/10 23:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Mozilla
[2011/07/10 23:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Mozilla
[2011/07/10 22:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Macromedia
[2011/07/10 21:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\PriceGong
[2011/07/10 21:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Application Data\Adobe
[2011/07/10 21:33:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner-1\PrivacIE
[2011/07/10 21:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner-1\Local Settings\Application Data\Conduit
[2011/07/10 21:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/06/17 18:03:50 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll
[2009/06/17 18:03:50 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll
[2009/06/17 18:03:50 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll
[2009/06/17 18:03:49 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll
[2009/06/17 18:03:49 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll
[2009/06/17 18:03:49 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll
[2009/06/17 18:03:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll
[2009/06/17 18:03:49 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll
[2009/06/17 18:03:49 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmih.exe
[2009/06/17 18:03:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll
[2009/06/17 18:03:48 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll
[2009/06/17 18:03:48 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe
[2009/06/17 18:03:48 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcfg.exe
[2009/06/17 18:03:48 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/07/18 05:50:25 | 000,028,833 | ---- | M] () -- C:\Documents and Settings\Owner-1\My Documents\geeks.rtf
[2011/07/18 05:48:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/18 05:47:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/18 05:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/18 05:47:45 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/18 05:45:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/18 05:41:53 | 003,412,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner-1\Desktop\procexp.exe
[2011/07/18 05:41:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner-1\Desktop\VEW.exe
[2011/07/18 05:40:36 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner-1\Desktop\aswMBR.exe
[2011/07/18 05:36:47 | 004,155,513 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner-1\Desktop\george.exe.exe
[2011/07/18 05:26:16 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner-1\Desktop\mbam-setup-1.51.1.1800(1).exe
[2011/07/18 05:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 22:04:43 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/07/15 00:06:46 | 000,235,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/14 23:17:05 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/14 23:16:38 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/14 23:16:37 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\ZoneAlarm Security.lnk
[2011/07/14 23:02:14 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/14 23:02:14 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/14 22:38:48 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/14 19:26:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 22:26:26 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\Windows Media Player.lnk
[2011/07/11 01:26:26 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/07/11 01:26:26 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk
[2011/07/11 01:21:01 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/11 01:21:01 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/10 23:34:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareBlaster.lnk
[2011/07/10 23:13:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/10 23:07:32 | 000,000,173 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/10 22:48:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner-1\Desktop\My Computer.lnk
[2011/07/10 21:43:49 | 000,158,240 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF

========== Files Created - No Company Name ==========

[2011/07/17 17:34:00 | 000,028,833 | ---- | C] () -- C:\Documents and Settings\Owner-1\My Documents\geeks.rtf
[2011/07/15 22:05:44 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/14 23:16:37 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\ZoneAlarm Security.lnk
[2011/07/14 23:16:21 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/14 22:40:21 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/14 22:40:20 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/11 18:19:03 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/07/11 18:19:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/07/11 18:19:02 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/11 18:19:02 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/07/11 18:18:57 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/07/11 18:18:56 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/07/11 18:18:56 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/07/11 18:18:56 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/07/11 18:18:56 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/07/11 18:18:56 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/07/11 18:18:56 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/07/11 18:18:56 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/07/11 18:18:56 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/07/11 18:18:56 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/07/11 18:18:56 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/07/11 18:18:56 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/07/11 18:18:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/07/11 18:18:55 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/07/11 18:18:55 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/07/11 18:18:53 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/07/11 18:18:53 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/07/11 18:18:53 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/07/11 18:18:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/11 18:18:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/11 01:26:26 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/07/11 01:26:26 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk
[2011/07/10 23:42:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/10 23:34:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\SpywareBlaster.lnk
[2011/07/10 23:21:04 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\Internet Explorer.lnk
[2011/07/10 23:13:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/10 23:13:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/10 23:07:32 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/07/10 22:48:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner-1\Desktop\My Computer.lnk
[2010/05/31 04:43:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/04 20:33:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/06/17 18:05:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll
[2009/06/17 18:05:35 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll
[2009/06/17 18:04:31 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll
[2009/06/17 18:04:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll
[2009/06/17 18:04:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll
[2009/06/17 18:03:50 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll
[2009/06/17 18:03:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll
[2007/10/19 05:24:35 | 000,003,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/07 17:30:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/30 12:09:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/17 04:42:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/11/17 04:34:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/17 04:32:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/11/17 04:29:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 02:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 02:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 02:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 02:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 02:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 02:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 02:23:22 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 02:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 02:23:22 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 02:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 02:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 02:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 02:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 02:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 02:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 02:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 02:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 19:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 19:30:47 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 21:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/10 23:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/11 10:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner-1\Application Data\PriceGong
[2006/12/18 12:23:25 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

========== Purity Check ==========



< End of report >

-----------------------------------------------------


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7195

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/18/2011 7:02:32 PM
mbam-log-2011-07-18 (19-02-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 227934
Time elapsed: 34 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------


ComboFix 11-07-18.05
- Owner-1 07/18/2011 19:13:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.405 [GMT -7:00]
Running from: c:\documents and settings\Owner-1\Desktop\george.exe.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner-1\Application Data\PriceGong
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Owner-1\Application Data\PriceGong\Data\z.txt
c:\program files\Common Files\drivecleaner free
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 01:26 . 2011-07-19 01:26 -------- d-----w- c:\windows\Internet Logs
2011-07-19 01:25 . 2011-07-19 01:25 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-19 01:25 . 2011-07-19 01:25 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-19 00:58 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 00:58 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 00:58 . 2011-07-19 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-18 12:45 . 2011-07-18 12:45 -------- d-----w- C:\_OTL
2011-07-16 05:06 . 2011-07-16 05:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-07-15 05:39 . 2011-07-19 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-07-15 05:39 . 2011-07-15 05:39 -------- d-----w- c:\program files\Kaspersky Lab
2011-07-15 04:40 . 2011-07-15 04:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-15 00:08 . 2011-07-16 05:00 -------- d-----w- c:\documents and settings\Administrator
2011-07-14 08:30 . 2011-07-14 08:30 -------- d-----w- c:\documents and settings\Owner-1\Application Data\Malwarebytes
2011-07-14 08:30 . 2011-07-14 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-14 05:26 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-07-12 04:58 . 2011-07-12 04:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2011-07-12 02:26 . 2011-07-12 02:27 -------- d-----w- c:\documents and settings\Owner-1\Local Settings\Application Data\Adobe
2011-07-12 01:19 . 2004-08-10 19:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-07-12 01:19 . 2004-08-10 19:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2011-07-12 01:19 . 2004-08-10 19:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2011-07-12 01:19 . 2004-08-10 19:00 1875968 ----a-w- c:\windows\system32\msir3jp.lex
2011-07-11 17:38 . 2011-07-11 17:38 -------- d-sh--w- c:\documents and settings\Owner-1\IECompatCache
2011-07-11 08:36 . 2011-07-15 07:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-11 08:26 . 2011-07-15 04:45 -------- d-----w- c:\program files\SpywareGuard
2011-07-11 06:34 . 2011-07-11 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-07-11 06:34 . 2011-07-11 06:35 -------- d-----w- c:\program files\SpywareBlaster
2011-07-11 05:39 . 2009-10-21 02:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
2011-07-11 04:33 . 2011-07-15 01:23 -------- d-----w- c:\documents and settings\Owner-1\Local Settings\Application Data\Conduit
2011-07-11 04:33 . 2011-07-11 04:33 -------- d-sh--w- c:\documents and settings\Owner-1\PrivacIE
2011-07-11 04:28 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-07-11 04:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-11 04:27 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-07-11 04:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-11 04:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-11 04:25 . 2011-07-11 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-07-11 04:20 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-06-17 09:23 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2006-06-17 09:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-06-17 09:23 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-06-17 09:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-06-17 09:23 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-06-17 09:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-06-17 09:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-06-17 09:23 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-06-17 09:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-16 04:17 . 2011-07-11 06:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-07-15 340520]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\documents and settings\Owner-1\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 21:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdmamon]
2007-06-01 15:06 20480 ----a-w- c:\program files\Lexmark 5000 Series\lxdmamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdmmon.exe]
2007-07-06 11:53 455344 ----a-w- c:\program files\Lexmark 5000 Series\lxdmmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\AppUpdate.exe"=
"c:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\xxx2burn.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmamon.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2011 5:58 PM 366640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2011 5:58 PM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2010 2:03 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2010 2:03 PM 135664]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2/5/2007 2:08 PM 163840]
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 21:03]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 21:03]
.
2006-12-18 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6958
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 131.191.7.12 131.191.7.194 8.8.8.8
FF - ProfilePath - c:\documents and settings\Owner-1\Application Data\Mozilla\Firefox\Profiles\tqmk4xyc.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
AddRemove-gtw_logo - c:\windows\system32\gtw_logo.scr
AddRemove-WT010650 - c:\program files\Gateway Games\FATE\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-18 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe
c:\windows\system32\lxdmcoms.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2011-07-18 19:30:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 02:30
.
Pre-Run: 43,918,405,632 bytes free
Post-Run: 43,780,104,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BF8708CFBB341F80A7C824B5D9261F68


---------------------------------------------------



aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 19:59:48
-----------------------------
19:59:48.937 OS Version: Windows 5.1.2600 Service Pack 3
19:59:48.937 Number of processors: 2 586 0xE08
19:59:48.937 ComputerName: LOVEGIFT UserName: Owner-1
19:59:49.890 Initialize success
20:00:00.843 AVAST engine defs: 11071801
20:00:15.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:00:15.000 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
20:00:15.031 Disk 0 MBR read successfully
20:00:15.031 Disk 0 MBR scan
20:00:15.125 Disk 0 unknown MBR code
20:00:15.140 Disk 0 scanning sectors +234436545
20:00:15.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:00:30.031 Service scanning
20:00:31.625 Disk 0 trace - called modules:
20:00:31.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IASTOR.SYS
20:00:31.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f46030]
20:00:31.687 3 CLASSPNP.SYS[f769efd7] -> nt!IofCallDriver -> \Device\000000aa[0x86f7ab70]
20:00:31.703 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f49030]
20:00:32.703 AVAST engine scan C:\WINDOWS
20:00:52.375 AVAST engine scan C:\WINDOWS\system32
20:02:58.531 AVAST engine scan C:\WINDOWS\system32\drivers
20:03:18.265 AVAST engine scan C:\Documents and Settings\Owner-1
20:03:50.265 AVAST engine scan C:\Documents and Settings\All Users
20:05:33.453 Scan finished successfully
20:06:01.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner-1\Desktop\MBR.dat"
20:06:01.953 The log file has been saved successfully to "C:\Documents and Settings\Owner-1\Desktop\aswMBR.txt"


Would you like me to continue working on the rest of the list or will this suffice??

Edited by cocofruit, 19 July 2011 - 01:10 AM.


#8
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Yes. Your IP address mapped out to Tacoma so I figured you weren't too far away. It was the beauty and the mild summers and relatively mild winters that made us decide to retire here from Florida. Tired of sweating in the summer and fighting the bugs and hurricanes.

The following should take care of SpywareGuard:

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O4 - Startup: C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()

:files
C:\Program Files\SpywareGuard\
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard
C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk
    
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


I'm not seeing a lot of problems in the logs so you need to keep on going through the list. If a step won't work you can just skip on to the next step.

Ron

#9
cocofruit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
G'morning Ron! You put it perfectly "the beauty & mild summers and relatively mild winters" is what makes the NW so appealing. I truly love it here! So nice to meet another online, that's from the Evergreen State.

Appreciate the code to kill SpywareGuard. It worked great.

Ran chkdsk through the recovery console, but it hung @ 56% for 2.5 hours---so I closed it. Any thoughts why this is happening??


I finished the list and here are the results:


OTL

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\Owner-1\Start Menu\Programs\Startup\SpywareGuard.lnk moved successfully.
C:\Program Files\SpywareGuard\sgmain.exe moved successfully.
========== FILES ==========
C:\Program Files\SpywareGuard folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareGuard folder moved successfully.
C:\Documents and Settings\Owner-1\Desktop\SpywareGuard.lnk moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07192011_025349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------
sfc /scannow

I had no XP professional disk. Skipped through sections asking for disk.
Completed. No log generated.

--------------------------------------------

sigverif


List of drivers generated had a modified date of 2004

None of these were recent
--------------------------------------------

System log


Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/07/2011 5:21:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The PrismXL service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The lxdm_device service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The lxdmCATSCustConnectService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:51 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:50 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:50 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/07/2011 2:53:50 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/07/2011 10:26:29 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


------------------------------------------------------

Application log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/07/2011 5:22:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2011 4:26:45 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application sigverif.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------------------------------------------------

procexp


Process PID CPU Private Bytes Working Set Description Company Name
alg.exe 3744 1,324 K 3,784 K Application Layer Gateway Service Microsoft Corporation
avp.exe 2312 13,260 K 5,112 K Kaspersky Anti-Virus Kaspersky Lab
csrss.exe 1396 1,900 K 4,812 K Client Server Runtime Process Microsoft Corporation
dllhost.exe 3312 2,420 K 6,492 K COM Surrogate Microsoft Corporation
Dot1XCfg.exe 3972 9,556 K 14,292 K Intel 802.1x Server Intel Corporation
ehmsas.exe 264 760 K 2,748 K Media Center Media Status Aggregator Service Microsoft Corporation
ehrecvr.exe 776 2,636 K 4,824 K Media Center Receiver Service Microsoft Corporation
ehSched.exe 1136 1,668 K 5,068 K Media Center Scheduler Service Microsoft Corporation
EvtEng.exe 2000 8,340 K 12,120 K Intel® PROSet/Wireless Event Log Intel Corporation
hkcmd.exe 424 868 K 3,036 K hkcmd Module Intel Corporation
HPZipm12.exe 2476 680 K 2,008 K PML Driver HP
IAAnotif.exe 4084 796 K 2,488 K Event Monitor User Notification Tool Intel Corporation
IAANTMon.exe 1696 556 K 1,684 K RAID Monitor Intel Corporation
igfxpers.exe 3924 856 K 3,056 K persistence Module Intel Corporation
igfxsrvc.exe 1032 1,384 K 3,476 K igfxsrvc Module Intel Corporation
igfxtray.exe 284 1,060 K 3,532 K igfxTray Module Intel Corporation
jusched.exe 2244 988 K 3,012 K Java™ Platform SE binary Sun Microsystems, Inc.
lxdmcoms.exe 1996 2,136 K 3,316 K Printer Communication System
lxdmserv.exe 1824 760 K 2,404 K Lexmark Connect Service Executable Lexmark International, Inc.
mbamgui.exe 2300 3,224 K 5,752 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamservice.exe 1924 90,852 K 91,712 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mcrdsvc.exe 2844 996 K 3,284 K MCRD Device Service Microsoft Corporation
mDNSResponder.exe 656 1,348 K 3,872 K Bonjour Service Apple Inc.
PRISMXL.SYS 2492 584 K 1,992 K PrismXL Service New Boundary Technologies, Inc.
procexp.exe 2468 9,472 K 13,084 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
QTTask.exe 2220 800 K 2,648 K QuickTime Task Apple Inc.
RegSrvc.exe 2604 1,012 K 3,244 K Intel® PROSet/Wireless Registry Service Intel Corporation
services.exe 1464 1,972 K 3,756 K Services and Controller app Microsoft Corporation
smss.exe 1348 172 K 444 K Windows NT Session Manager Microsoft Corporation
spoolsv.exe 1064 4,472 K 7,268 K Spooler SubSystem App Microsoft Corporation
stsystra.exe 2036 4,032 K 7,020 K Sigmatel Audio system tray application SigmaTel, Inc.
svchost.exe 1652 3,216 K 5,348 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 636 1,432 K 3,772 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 812 1,308 K 3,296 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 588 1,500 K 4,044 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2668 1,580 K 4,020 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2720 2,544 K 4,448 K Generic Host Process for Win32 Services Microsoft Corporation
SynTPEnh.exe 4044 1,704 K 4,732 K Synaptics TouchPad Enhancements Synaptics, Inc.
SynTPLpr.exe 3944 980 K 2,820 K TouchPad Driver Helper Application Synaptics, Inc.
winlogon.exe 1420 18,704 K 19,820 K Windows NT Logon Application Microsoft Corporation
wmiprvse.exe 3072 2,500 K 5,132 K WMI Microsoft Corporation
wmiprvse.exe 3460 19,920 K 24,564 K WMI Microsoft Corporation
ehtray.exe 3892 0.77 2,548 K 1,284 K Media Center Tray Applet Microsoft Corporation
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
lsass.exe 1476 0.77 4,068 K 6,432 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 356 1.54 15,620 K 25,520 K Windows Explorer Microsoft Corporation
procexp.exe 1976 1.54 10,600 K 14,936 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
sm56hlpr.exe 1544 1.54 1,208 K 3,616 K Application executable file Motorola Inc.
S24EvMon.exe 404 3.08 9,728 K 12,708 K Wireless Management Service Intel Corporation
svchost.exe 1936 3.08 14,788 K 26,056 K Generic Host Process for Win32 Services Microsoft Corporation
System 4 3.85 0 K 452 K
WINWORD.EXE 1956 3.85 8,488 K 5,468 K Microsoft Office Word Microsoft Corporation
svchost.exe 1740 5.38 2,200 K 5,188 K Generic Host Process for Win32 Services Microsoft Corporation
avp.exe 624 6.15 98,052 K 13,116 K Kaspersky Anti-Virus Kaspersky Lab
System Idle Process 0 10.00 0 K 28 K
iFrmewrk.exe 1256 28.46 14,000 K 19,312 K Intel Framework MFC Application Intel Corporation
ZCfgSvc.exe 532 29.23 7,360 K 13,560 K ZeroCfgSvc MFC Application Intel Corporation

#10
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'm afraid your hard drive may be dying if disk check won't run through. I would go to the maker's website and download their test tool. To determine the maker:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), it will tell you the maker. File, Save as Text File, (to your desktop) note the name it gives. OK. Attach the file to your next post.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Run Process Explorer one more time. This time make sure you have all programs closed including the browser. (Click on CPU one more time to get the heavy hitters to the top.) Wait at least a minute for things to settle down before saving the file. (Are you connecting wirelessly? If not the wireless should be disabled.)



Could you post your Extras log? It should have been created when you ran OTL. If not:

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste the one called Extras.

Are you running a P2P program like utorrent? I see this in your log:
Log: 'System' Date/Time: 18/07/2011 10:26:29 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Ron


#11
cocofruit

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Evening Ron!

Say it isn't so! I sure hope this hard drive is not failing. Thanks for helping me find out if it is.

I bought this Gateway Laptop "used" about a week ago [July 10th] as a 2nd laptop.

You asked if I was running any P2P programs.....

With the exception of KAV, firefox, zone alarm, ATF cleaner and a couple anti-malware programs---NONE of the things you see installed are mine.

The previous owner had vonage, many unnecessary programs, printer software and all kinds of games etc :unsure: . I was in the process of trying to clean it up, when it started freezing on me as I reported in my 1st post. What you've had me do so far, has helped tremendously. Internet connecting fine & Freezing seems to have stopped except during chkdsk----which I have to say worried me.


KUDOS! You've been so patient, kind & extremely thorough :)






-------------------------------------------------------------------------


OTL Extras logfile created on: 7/17/2011 5:49:55 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner-1\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 190.20 Mb Available Physical Memory | 18.75% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.22 Gb Total Space | 40.90 Gb Free Space | 76.86% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 6.83 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: LOVEGIFT | User Name: Owner-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1163763273\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1163763273\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\OCDVDAgent.exe" = C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\OCDVDAgent.exe:*:Enabled:ObjectCube Express Agent
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\AppUpdate.exe" = C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\AppUpdate.exe:*:Enabled:ObjectCube AutoUpdate -- (LightningCD)
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" = C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe:*:Enabled:XXX2Burn DVD Wizard -- (ObjectCube)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 5000 Series\lxdmamon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Utility" = Advanced Video FX Utility
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.01.03.0405)
"Creative WebCam Center" = Creative WebCam Center
"Gateway Game Console" = Gateway Game Console
"gtw_logo" = gtw_logo
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Lexmark 5000 Series" = Lexmark 5000 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"SightSpeed" = SightSpeed (remove only)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010646" = Bejeweled 2 Deluxe
"WT010647" = Blackhawk Striker 2
"WT010648" = Blasterball 2 Revolution
"WT010649" = Diner Dash
"WT010650" = FATE
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XXX2Burn DVD Wizard" = XXX2Burn DVD Wizard (remove only)
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2011 3:41:05 AM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 3:41:10 AM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 3:41:15 AM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/14/2011 3:41:25 AM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1001
Description = Fault bucket 00000009.

Error - 7/14/2011 3:41:46 AM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 2:50:00 PM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.51.0.38, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 2:50:15 PM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.51.0.38, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 2:57:31 PM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.51.0.38, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2011 2:57:47 PM | Computer Name = LOVEGIFT | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.51.0.38, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2011 12:57:08 AM | Computer Name = LOVEGIFT | Source = MsiInstaller | ID = 11321
Description = Product: Kaspersky Anti-Virus 2010 -- Error 1321.The Setup Wizard
has insufficient privileges to modify the file C:\WINDOWS\system32\drivers\kl1.sys.

[ System Events ]
Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2485663).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2481109).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2443105).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2378111).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB975558).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2296011).

Error - 7/11/2011 3:04:33 AM | Computer Name = LOVEGIFT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows XP (KB2345886).

Error - 7/13/2011 5:05:25 PM | Computer Name = LOVEGIFT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/13/2011 5:05:25 PM | Computer Name = LOVEGIFT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/14/2011 2:54:25 PM | Computer Name = LOVEGIFT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

------------------------------------------------------

speccy

Summary
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
CPU
Intel Core Duo T2300 @ 1.66GHz 62 °C
Yonah 65nm Technology
RAM
1.00 GB Dual-Channel DDR2 @ 266MHz (4-4-4-11)
Motherboard
Gateway (uFCPGA2) 63 °C
Graphics
Plug and Play Monitor (1280x800@60Hz)
Mobile Intel® 945GM Express Chipset Family
Mobile Intel® 945GM Express Chipset Family
Hard Drives
117GB Western Digital WDC WD1200BEVS-22LAT0 (SATA) 47 °C
Optical Drives
PHILIPS DVD+-RW SDVD8820
Audio
SigmaTel High Definition Audio CODEC
Operating System
MS Windows XP Media Center Edition Professional 32-bit SP3
Installation Date: 18 December 2006, 11:23

Windows Security Center
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Antivirus
Antivirus Enabled
Company Name Kaspersky Lab
Display Name Kaspersky Anti-Virus
Product Version 9.0.0.736
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Always On
Hibernation Enabled
Scheduler
7/19/2011 8:12 PM GoogleUpdateTaskMachineUA
7/19/2011 10:12 PM GoogleUpdateTaskMachineCore
7/22/2011 3:52 PM AppleSoftwareUpdate
Disabled ISP signup reminder 3
Hotfixes
7/15/2011 Update for Windows XP (KB2524375)
7/15/2011 Security Update for Windows XP (KB2412687)
7/15/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
7/15/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
7/13/2011 Security Update for Windows XP (KB2507938)
7/13/2011 Windows Malicious Software Removal Tool - July 2011 (KB890830)
7/13/2011 Security Update for Windows XP (KB2555917)
7/11/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
7/11/2011 Security Update for Windows XP (KB2483185)
7/11/2011 Security Update for Windows XP (KB2387149)
7/11/2011 Security Update for Windows XP (KB2478971)
7/11/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
7/11/2011 Update for Windows XP (KB2345886)
7/11/2011 Security Update for Windows XP (KB2296011)
7/11/2011 Security Update for Windows XP (KB975558)
7/11/2011 Security Update for Windows XP (KB2378111)
7/11/2011 Security Update for Windows XP (KB2443105)
7/11/2011 Security Update for Windows XP (KB2481109)
7/11/2011 Security Update for Windows XP (KB2485663)
7/11/2011 Security Update for Windows XP (KB2440591)
7/11/2011 Security Update for Windows XP (KB982132)
7/11/2011 Security Update for Windows XP (KB2476490)
7/11/2011 Security Update for Windows XP (KB2506223)
7/11/2011 Security Update for Windows XP (KB2503665)
7/11/2011 Security Update for Windows XP (KB2347290)
7/11/2011 Update for Windows XP (KB2443685)
7/11/2011 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
7/11/2011 Update for Windows XP (KB2524375)
7/11/2011 Security Update for Windows XP (KB979687)
7/11/2011 Security Update for Windows XP (KB2121546)
7/11/2011 Security Update for Windows XP (KB2535512)
7/11/2011 Security Update for Windows XP (KB2412687)
7/11/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
7/11/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
7/11/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
7/11/2011 Security Update for Windows XP (KB2536276)
7/11/2011 Security Update for Windows XP (KB981322)
7/11/2011 Security Update for Windows XP Media Center Edition 2005 Update Rollup 2 X86 Edition (KB2502898)
7/11/2011 Security Update for Windows XP (KB2507618)
7/11/2011 Security Update for Windows XP (KB2476687)
7/11/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
7/11/2011 Security Update for Windows XP (KB2419632)
7/11/2011 Security Update for Windows XP (KB2508429)
7/11/2011 Update for Windows XP (KB971029)
7/11/2011 Security Update for Windows XP (KB2506212)
7/11/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
7/11/2011 Security Update for Windows XP (KB2481109)
7/11/2011 Security Update for Windows XP (KB2443105)
7/11/2011 Security Update for Windows XP (KB2378111)
7/11/2011 Security Update for Windows XP (KB975558)
7/11/2011 Security Update for Windows XP (KB2296011)
7/11/2011 Update for Windows XP (KB2345886)
7/11/2011 Windows Malicious Software Removal Tool - June 2011 (KB890830)
7/11/2011 Security Update for Windows XP (KB2478971)
7/11/2011 Security Update for Windows XP (KB2387149)
7/11/2011 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2530548)
7/11/2011 Security Update for Windows XP (KB2476687)
7/11/2011 Security Update for Windows XP (KB2507618)
7/11/2011 Security Update for Windows XP Media Center Edition 2005 Update Rollup 2 X86 Edition (KB2502898)
7/11/2011 Security Update for Windows XP (KB981322)
7/11/2011 Security Update for Windows XP (KB2536276)
7/11/2011 Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
7/11/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2446704)
7/11/2011 Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
7/11/2011 Security Update for Windows XP (KB2412687)
7/11/2011 Security Update for Windows XP (KB2535512)
7/11/2011 Security Update for Windows XP (KB2121546)
7/11/2011 Security Update for Windows XP (KB979687)
7/11/2011 Update for Windows XP (KB2524375)
7/11/2011 Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
7/11/2011 Update for Windows XP (KB2443685)
7/11/2011 Security Update for Windows XP (KB2483185)
7/11/2011 Security Update for Windows XP (KB2347290)
7/11/2011 Security Update for Windows XP (KB2503665)
7/11/2011 Security Update for Windows XP (KB2506223)
7/11/2011 Security Update for Windows XP (KB2476490)
7/11/2011 Security Update for Windows XP (KB982132)
7/11/2011 Security Update for Windows XP (KB2440591)
7/11/2011 Security Update for Windows XP (KB2485663)
7/11/2011 Security Update for Windows XP (KB2419632)
7/11/2011 Security Update for Windows XP (KB2508429)
7/11/2011 Update for Windows XP (KB971029)
7/11/2011 Security Update for Windows XP (KB2506212)
7/11/2011 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2478658)
7/11/2011 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
7/11/2011 Security Update for Windows XP (KB2544893)
7/11/2011 Security Update for Windows XP (KB2509553)
7/11/2011 Security Update for Windows XP (KB2510531)
7/11/2011 Update for Windows XP (KB2541763)
7/11/2011 Security Update for Internet Explorer 8 for Windows XP (KB2544521)
7/11/2011 Security Update for Windows XP (KB2478960)
7/11/2011 Security Update for Windows XP (KB2393802)
7/11/2011 Security Update for Windows XP (KB2423089)
7/11/2011 Security Update for Windows XP (KB2360937)
8/13/2010 Security Update for Windows XP (KB982214)
8/13/2010 Security Update for Windows XP (KB2115168)
8/13/2010 Security Update for Windows XP (KB981852)
8/13/2010 Security Update for Windows XP (KB2079403)
8/13/2010 Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB983583)
8/13/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
8/13/2010 Security Update for Windows XP (KB2160329)
8/13/2010 Security Update for Windows XP (KB980436)
8/13/2010 Windows Malicious Software Removal Tool - August 2010 (KB890830)
8/13/2010 Security Update for Windows XP (KB981997)
8/13/2010 Security Update for Windows XP (KB982665)
8/3/2010 Security Update for Windows XP (KB2286198)
7/14/2010 Security Update for Windows XP (KB2229593)
7/14/2010 Windows Malicious Software Removal Tool - July 2010 (KB890830)
7/12/2010 Update for Windows XP (KB951978)
7/12/2010 Security Update for Windows XP (KB956744)
7/9/2010 Windows XP Service Pack 3 (KB936929)
7/1/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/30/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/29/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/28/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/27/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/26/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/26/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/24/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524)
6/24/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/22/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/20/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/20/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/19/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/18/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/17/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/17/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/15/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/15/2010 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
6/15/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
6/12/2010 Security Update for Windows XP (KB980218)
6/12/2010 Microsoft .NET Framework 1.0 SP3 Security Update for Windows XP Tablet PC and Media Center (KB979904)
6/12/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195)
6/12/2010 Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
6/12/2010 Security Update for Windows XP (KB979559)
6/12/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381)
6/12/2010 Windows Malicious Software Removal Tool - June 2010 (KB890830)
6/12/2010 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP2 (KB978695)
6/12/2010 Security Update for Windows XP (KB979482)
6/12/2010 Security Update for Windows XP (KB975562)
6/12/2010 Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168)
6/12/2010 Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909)
5/26/2010 Update for Windows XP (KB981793)
5/20/2010 Windows Malicious Software Removal Tool - May 2010 (KB890830)
5/20/2010 Security Update for Windows XP (KB978542)
4/15/2010 Security Update for Windows XP (KB979683)
4/15/2010 Security Update for Windows XP (KB980232)
4/15/2010 Windows Malicious Software Removal Tool - April 2010 (KB890830)
4/15/2010 Security Update for Windows XP (KB978338)
4/15/2010 Security Update for Windows XP (KB977816)
4/15/2010 Security Update for Windows XP (KB981332)
4/14/2010 Security Update for Windows XP (KB978601)
4/14/2010 Security Update for Windows XP (KB979309)
4/1/2010 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182)
3/15/2010 Update for Windows XP (KB976662)
3/15/2010 Security Update for Jscript 5.8 for Windows XP (KB971961)
3/12/2010 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB978207)
3/12/2010 Update for Internet Explorer 8 Dynamic Installer Compatibility View List for Windows XP (KB978506)
3/12/2010 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB976325)
3/11/2010 Security Update for Windows XP (KB975561)
3/11/2010 Windows Malicious Software Removal Tool - March 2010 (KB890830)
3/6/2010 Security Update for Windows XP (KB977165)
2/25/2010 Update for Windows XP (KB979306)
2/11/2010 Cumulative Security Update for ActiveX Killbits for Windows XP (KB978262)
2/11/2010 Security Update for Windows XP (KB971468)
2/11/2010 Windows Malicious Software Removal Tool - February 2010 (KB890830)
2/11/2010 Security Update for Windows XP (KB978037)
2/11/2010 Security Update for Windows XP (KB975713)
2/11/2010 Security Update for Windows XP (KB978251)
2/11/2010 Security Update for Windows XP (KB975560)
2/11/2010 Security Update for Windows XP (KB977914)
2/11/2010 Security Update for Windows XP (KB978706)
1/22/2010 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
1/14/2010 Update for Windows XP (KB955759)
1/14/2010 Security Update for Windows XP (KB972270)
1/14/2010 Windows Malicious Software Removal Tool - January 2010 (KB890830)
12/9/2009 Update for Windows XP (KB970430)
12/9/2009 Security Update for Windows XP (KB974318)
12/9/2009 Security Update for Windows XP (KB973904)
12/9/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB976325)
12/9/2009 Security Update for Windows XP (KB974392)
12/9/2009 Update for Windows XP (KB971737)
12/9/2009 Windows Malicious Software Removal Tool - December 2009 (KB890830)
11/28/2009 Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB973686)
11/28/2009 Update for Windows XP (KB976098)
11/28/2009 Update for Windows XP (KB973687)
11/28/2009 Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688)
11/12/2009 Windows Malicious Software Removal Tool - November 2009 (KB890830)
11/12/2009 Security Update for Windows XP (KB969947)
11/5/2009 Update for Internet Explorer 7 for Windows XP (KB976749)
10/20/2009 Windows Update Agent 7.2.6001.788
10/17/2009 Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417)
10/17/2009 Security Update for Windows XP (KB958869)
10/17/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB954155)
10/17/2009 Windows Malicious Software Removal Tool - October 2009 (KB890830)
10/17/2009 Security Update for Windows XP (KB969059)
10/17/2009 Security Update for Windows XP (KB974112)
10/17/2009 Security Update for Windows XP (KB975025)
10/17/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB974455)
10/17/2009 Security Update for Windows XP (KB974571)
10/17/2009 Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)
10/17/2009 Security Update for Windows XP (KB971486)
10/17/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973525)
10/17/2009 Microsoft .NET Framework 1.0 Service Pack 3 Security Update for Windows XP Tablet PC and Media Center (KB953295)
10/17/2009 Security Update for Windows XP (KB975467)
9/12/2009 Windows Malicious Software Removal Tool - September 2009 (KB890830)
9/11/2009 Security Update for Windows XP (KB956844)
9/11/2009 Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 2 (KB968816)
9/11/2009 Security Update for Windows XP (KB973768)
9/11/2009 Security Update for Jscript 5.7 for Windows XP (KB971961)
9/2/2009 Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707)
8/27/2009 Update for Windows XP (KB970653)
8/24/2009 Update for Windows XP (KB968389)
8/16/2009 Update for Windows XP (KB968389)
8/14/2009 Security Update for Windows XP (KB960859)
8/14/2009 Security Update for Windows XP (KB971657)
8/14/2009 Security Update for Windows XP (KB971557)
8/14/2009 Security Update for Windows XP (KB973869)
8/14/2009 Security Update for Windows XP Service Pack 2 (KB973540)
8/14/2009 Security Update for Windows XP (KB973507)
8/14/2009 Security Update for Windows XP (KB973354)
8/14/2009 Windows Malicious Software Removal Tool - August 2009 (KB890830)
8/14/2009 Security Update for Windows XP (KB958470)
8/14/2009 Security Update for Windows XP (KB973815)
8/14/2009 Security Update for Windows XP (KB971032)
8/9/2009 Update for Windows XP (KB961118)
8/9/2009 Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459)
8/9/2009 February 2007 CardSpace Update for Windows XP (KB925720)
8/8/2009 Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86
7/30/2009 Windows XP Service Pack 3 (KB936929)
7/29/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB972260)
7/16/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
7/16/2009 Security Update for Windows XP (KB971633)
7/16/2009 Windows Malicious Software Removal Tool - July 2009 (KB890830)
7/16/2009 Security Update for Windows XP (KB961371)
7/7/2009 Windows XP Service Pack 3 (KB936929)
6/29/2009 Internet Explorer 8 for Windows XP
6/18/2009 Windows XP Service Pack 3 (KB936929)
6/17/2009 Security Update for Windows XP (KB959426)
6/17/2009 Security Update for Windows XP (KB961373)
6/17/2009 Security Update for Windows XP (KB956572)
6/17/2009 Security Update for Windows XP (KB961501)
6/17/2009 Security Update for Windows XP (KB952004)
6/17/2009 Update Rollup for ActiveX Killbits for Windows XP (KB969898)
6/17/2009 Windows Malicious Software Removal Tool - June 2009 (KB890830)
6/17/2009 Security Update for Windows XP (KB970238)
6/17/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB969897)
6/17/2009 Security Update for Windows XP (KB960803)
6/17/2009 Security Update for Windows XP (KB968537)
6/17/2009 Security Update for Windows XP (KB923561)
6/15/2009 Windows XP Service Pack 3 (KB936929)
3/17/2009 Security Update for Windows XP (KB960225)
3/17/2009 Security Update for Windows XP (KB958690)
3/17/2009 Update for Windows XP (KB959772)
3/10/2009 Windows Malicious Software Removal Tool - February 2009 (KB890830)
3/10/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/10/2009 Update for Windows XP (KB967715)
3/4/2009 Security Update for Windows XP (KB952954)
3/4/2009 Security Update for Windows XP (KB946648)
3/4/2009 Security Update for Windows XP (KB956803)
3/4/2009 Update for Windows XP (KB955839)
3/4/2009 Security Update for Windows XP (KB950974)
3/4/2009 Update Rollup for ActiveX Killbits for Windows XP (KB960715)
3/4/2009 Security Update for Windows XP (KB958687)
3/4/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB961260)
3/2/2009 Security Update for Windows XP (KB952954)
3/2/2009 Security Update for Windows XP (KB946648)
3/2/2009 Security Update for Windows XP (KB956803)
3/2/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/2/2009 Update for Windows XP (KB955839)
3/2/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
3/2/2009 Security Update for Windows XP (KB957095)
3/2/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
3/2/2009 Windows Malicious Software Removal Tool - December 2008 (KB890830)
3/2/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
3/2/2009 Security Update for Windows XP (KB950974)
3/2/2009 Security Update for Windows XP (KB952954)
3/2/2009 Security Update for Windows XP (KB946648)
3/2/2009 Security Update for Windows XP (KB956803)
3/2/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/2/2009 Update for Windows XP (KB955839)
3/2/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
3/2/2009 Security Update for Windows XP (KB957095)
3/2/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
3/2/2009 Windows Malicious Software Removal Tool - December 2008 (KB890830)
3/2/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
3/2/2009 Security Update for Windows XP (KB950974)
3/2/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/2/2009 Update for Windows XP (KB955839)
3/2/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
3/2/2009 Security Update for Windows XP (KB957095)
3/2/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
3/2/2009 Windows Malicious Software Removal Tool - December 2008 (KB890830)
3/2/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
3/2/2009 Security Update for Windows XP (KB952954)
3/2/2009 Security Update for Windows XP (KB946648)
3/2/2009 Security Update for Windows XP (KB950974)
3/2/2009 Security Update for Windows XP (KB956803)
3/2/2009 Windows Malicious Software Removal Tool - December 2008 (KB890830)
3/2/2009 Security Update for Windows XP (KB946648)
3/2/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
3/2/2009 Security Update for Windows XP (KB956803)
3/2/2009 Security Update for Windows XP (KB952954)
3/2/2009 Update for Windows XP (KB955839)
3/2/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/2/2009 Security Update for Windows XP (KB950974)
3/2/2009 Security Update for Windows XP (KB957095)
3/2/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
3/2/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
3/2/2009 Security Update for Windows XP (KB950974)
3/2/2009 Windows Malicious Software Removal Tool - December 2008 (KB890830)
3/2/2009 Security Update for Windows XP (KB952954)
3/2/2009 Security Update for Windows XP (KB946648)
3/2/2009 Security Update for Windows XP (KB954211)
3/2/2009 Security Update for Windows XP (KB956803)
3/2/2009 Security Update for Windows XP (KB956841)
3/2/2009 Security Update for Windows XP Service Pack 2 (KB952069)
3/2/2009 Update for Windows XP (KB955839)
3/2/2009 Cumulative Security Update for ActiveX Killbits for Windows XP (KB956391)
3/2/2009 Security Update for Windows XP (KB957097)
3/2/2009 Security Update for Windows XP (KB957095)
3/2/2009 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)
3/2/2009 Security Update for Internet Explorer 7 for Windows XP (KB960714)
3/2/2009 Update for Windows XP (KB952287)
3/2/2009 Security Update for Outlook Express for Windows XP (KB951066)
3/2/2009 Security Update for Windows XP (KB938464)
3/2/2009 Security Update for Windows XP (KB954600)
3/2/2009 Security Update for Windows XP (KB958644)
3/2/2009 Security Update for Windows XP (KB955069)
3/2/2009 Security Update for Windows XP (KB956802)
3/2/2009 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)
3/2/2009 Security Update for Windows XP (KB954154)
11/20/2008 Windows XP Service Pack 3 (KB936929)
11/20/2008 Windows Update Agent 7.2.6001.788
9/11/2008 Windows Malicious Software Removal Tool - July 2008 (KB890830)
7/9/2008 Security Update for Windows XP (KB951748)
6/27/2008 Security Update for Windows XP (KB951376)
6/18/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB950759)
6/18/2008 Windows Malicious Software Removal Tool - June 2008 (KB890830)
6/18/2008 Security Update for Windows XP (KB951698)
6/18/2008 Security Update for Windows XP (KB950762)
6/18/2008 Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760)
6/18/2008 Security Update for Windows XP (KB951376)
5/30/2008 Security Update for Windows XP (KB950749)
5/30/2008 Update for Windows XP (KB932823)
5/30/2008 Windows Malicious Software Removal Tool - May 2008 (KB890830)
4/24/2008 Microsoft .NET Framework 2.0 Service Pack 1 (KB110806)
4/11/2008 Security Update for ActiveX Killbits for Windows XP (KB948881)
4/11/2008 Security Update for Windows XP (KB941693)
4/11/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB947864)
4/11/2008 Security Update for Windows XP (KB948590)
4/11/2008 Windows Malicious Software Removal Tool - April 2008 (KB890830)
4/11/2008 Security Update for Windows XP (KB945553)
3/25/2008 Windows Malicious Software Removal Tool - March 2008 (KB890830)
2/16/2008 Windows Malicious Software Removal Tool - February 2008 (KB890830)
2/16/2008 Security Update for Windows XP (KB946026)
2/16/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB944533)
2/16/2008 Security Update for Windows XP (KB943055)
1/11/2008 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB942615)
1/11/2008 Security Update for Internet Explorer 7 for Windows XP (KB938127)
1/10/2008 Windows Internet Explorer 7 for Windows XP
1/10/2008 Windows Malicious Software Removal Tool - January 2008 (KB890830)
1/10/2008 Security Update for Windows XP (KB941644)
1/10/2008 Security Update for Windows XP (KB943485)
12/22/2007 Update for Internet Explorer 6 for Windows XP (KB946627)
12/12/2007 Security Update for Windows XP (KB937894)
12/12/2007 Update for Windows XP (KB942840)
12/12/2007 Windows Malicious Software Removal Tool - December 2007 (KB890830)
12/12/2007 Update for Windows XP (KB942763)
12/12/2007 Security Update for Windows XP (KB941569)
12/12/2007 Security Update for Windows XP (KB941568)
12/12/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB942615)
12/12/2007 Security Update for Windows XP (KB944653)
12/5/2007 Windows Internet Explorer 7 for Windows XP
11/16/2007 Security Update for Windows XP (KB943460)
11/16/2007 Windows Malicious Software Removal Tool - November 2007 (KB890830)
10/11/2007 Security Update for Windows XP (KB933729)
10/11/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB939653)
10/11/2007 Windows Malicious Software Removal Tool - October 2007 (KB890830)
10/11/2007 Security Update for Outlook Express for Windows XP (KB941202)
9/14/2007 Windows Malicious Software Removal Tool - September 2007 (KB890830)
9/3/2007 Update for Windows Media Player 11 for Windows XP (KB939683)
8/29/2007 Update for Windows XP (KB933360)
8/16/2007 Security Update for Windows XP (KB936021)
8/16/2007 Update for Windows XP (KB938828)
8/16/2007 Security Update for Windows XP (KB921503)
8/16/2007 Security Update for Windows XP (KB938829)
8/16/2007 Windows Malicious Software Removal Tool - August 2007 (KB890830)
8/16/2007 Security Update for Windows XP (KB938127)
8/16/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB937143)
8/16/2007 Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB936181)
8/16/2007 Security Update for Windows Media Player 11 for Windows XP (KB936782)
7/21/2007 Windows Malicious Software Removal Tool - July 2007 (KB890830)
7/21/2007 Update for Windows XP (KB936357)
7/21/2007 Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)
7/21/2007 Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)
7/21/2007 Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB930494)
6/15/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB933566)
6/13/2007 Cumulative Security Update for Outlook Express for Windows XP (KB929123)
6/13/2007 Security Update for Windows XP (KB935840)
6/13/2007 Windows Malicious Software Removal Tool - June 2007 (KB890830)
6/13/2007 Security Update for Windows XP (KB935839)
5/28/2007 Update for Windows XP (KB927891)
5/22/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB931768)
5/20/2007 Update for Windows XP (KB930916)
5/20/2007 Windows Malicious Software Removal Tool - May 2007 (KB890830)
4/19/2007 Update for Windows Media Format 11 SDK for Windows XP (KB929399)
4/18/2007 Windows Media Player 11 (for Windows Media Center Edition 2005)
4/13/2007 Windows Malicious Software Removal Tool - April 2007 (KB890830)
4/12/2007 Security Update for Windows XP (KB931784)
4/12/2007 Security Update for Windows XP (KB931261)
4/12/2007 Security Update for Windows XP (KB930178)
4/12/2007 Security Update for Windows XP (KB932168)
4/4/2007 Security Update for Windows XP (KB925902)
3/15/2007 Windows Malicious Software Removal Tool - March 2007 (KB890830)
3/15/2007 Update for Windows XP (KB929338)
3/5/2007 Windows Genuine Advantage Notification (KB905474)
2/24/2007 Windows Malicious Software Removal Tool - February 2007 (KB890830)
2/16/2007 Security Update for Windows XP (KB927779)
2/16/2007 Security Update for Windows XP (KB927802)
2/16/2007 Security Update for Windows XP (KB928255)
2/16/2007 Security Update for Windows XP (KB924667)
2/16/2007 Update for Windows XP (KB931836)
2/16/2007 Security Update for Windows XP (KB926436)
2/16/2007 Security Update for Windows XP (KB918118)
2/16/2007 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB928090)
2/16/2007 Security Update for Windows XP (KB928843)
2/15/2007 Windows Malicious Software Removal Tool - July 2006 (KB890830)
2/7/2007 Windows Media Player 11 (for Windows Media Center Edition 2005)
1/13/2007 Security Update for Windows XP (KB929969)
1/9/2007 Cumulative Security Update for Internet Explorer for Windows XP (KB925454)
1/9/2007 Security Update for Windows XP (KB924191)
1/9/2007 Security Update for Windows XP (KB922819)
1/9/2007 Security Update for Windows XP (KB923414)
1/9/2007 Security Update for Windows Media Player 6.4 (KB925398)
1/9/2007 Security Update for Windows XP (KB922616)
1/9/2007 Security Update for Windows XP (KB920685)
1/9/2007 Security Update for Windows XP (KB923980)
1/9/2007 Security Update for Microsoft .NET Framework, Version 2.0 (KB917283)
1/9/2007 Security Update for Windows XP (KB924270)
1/9/2007 Security Update for Windows XP (KB924496)
1/9/2007 Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB887998)
1/8/2007 Update for Windows XP Media Center Edition 2005 (KB926251)
1/8/2007 Security Update for Windows XP (KB921398)
1/8/2007 Security Update for Microsoft .NET Framework, Version 2.0 (KB922770)
1/8/2007 Security Update for Windows XP (KB923689)
1/8/2007 Security Update for Windows XP (KB920670)
1/8/2007 Update for Windows XP (KB920872)
1/8/2007 Security Update for Windows XP (KB919007)
1/8/2007 MSXML 4.0 SP2 Security Update (KB927978)
1/8/2007 Security Update for Windows XP (KB923191)
1/8/2007 Security Update for Windows XP (KB917422)
1/8/2007 Update for Windows XP (KB922582)
1/8/2007 Security Update for Windows XP (KB926255)
1/8/2007 Security Update for Windows XP (KB925486)
1/8/2007 Security Update for Windows XP (KB920213)
1/8/2007 Critical Update for Windows XP (KB886185)
1/8/2007 Cumulative Security Update for Outlook Express for Windows XP (KB923694)
1/8/2007 Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903)
1/8/2007 Security Update for Windows XP (KB920683)
1/6/2007 Update for Windows XP (KB898461)
Battery
AC line Online
Battery full time Unknown
Battery Charge % 97 %
Battery State High
Amount of time remaining (sec) Unknown
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running Bonjour Service
Running COM+ Event System
Running COM+ System Application
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Help and Support
Running HID Input Service
Running Intel® Matrix Storage Event Monitor
Running Intel® PROSet/Wireless Event Log
Running Intel® PROSet/Wireless Registry Service
Running Intel® PROSet/Wireless Service
Running IPSEC Services
Running Kaspersky Anti-Virus
Running Logical Disk Manager
Running lxdm_device
Running lxdmCATSCustConnectService
Running MBAMService
Running Media Center Extender Service
Running Media Center Receiver Service
Running Media Center Scheduler Service
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Pml Driver HPZ12
Running Print Spooler
Running PrismXL
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Remote Registry
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Time
Running Wireless Zero Configuration
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped Computer Browser
Stopped Distributed Transaction Coordinator
Stopped Extensible Authentication Protocol Service
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management Service
Stopped HTTP SSL
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped iPod Service
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped MHN
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Office Source Engine
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Universal Plug and Play Device Host
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Driver Foundation - User-mode Driver Framework
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Media Player Network Sharing Service
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
Genuine Intel® CPU T2300 @ 1.66GHz
Genuine Intel® CPU T2300 @ 1.66GHz
ACPI Thermal Zone
ACPI Power Button
ACPI Sleep Button
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ACPI Lid
ACPI Fixed Feature Button
PCI bus
Mobile Intel® 955XM/945GM/PM/GMS/940GML Express Processor to DRAM Controller – 27A0
Intel® 82801G (ICH7 Family) SMBus Controller - 27DA
Motherboard resources
Mobile Intel® 945GM Express Chipset Family
Plug and Play Monitor
Plug and Play Monitor
Mobile Intel® 945GM Express Chipset Family
Plug and Play Monitor
Microsoft UAA Bus Driver for High Definition Audio
SigmaTel High Definition Audio CODEC
Motorola SM56 Data Fax Modem
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D0
Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D2
Intel® PRO/Wireless 3945ABG Network Connection
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C8
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C9
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CA
USB Root Hub
Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CB
USB Root Hub
Intel® 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
USB Root Hub
Intel® 82801 PCI Bridge - 2448
Texas Instruments PCIxx12 Cardbus Controller
Texas Instruments PCIxx12 Integrated FlashMedia Controller
Texas Instruments OHCI Compliant IEEE 1394 Host Controller
1394 Net Adapter
Intel® 82801GBM (ICH7-M) LPC Interface Controller - 27B9
ISAPNP Read Data Port
Direct memory access controller
High precision event timer
Programmable interrupt controller
Numeric data processor
Motherboard resources
System CMOS/real time clock
System timer
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Microsoft ACPI-Compliant Embedded Controller
Intel® 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF
Primary IDE Channel
PHILIPS DVD+-RW SDVD8820
Intel® 82801GBM SATA AHCI Controller
WDC WD1200BEVS-22LAT0
CPU
Intel Core Duo T2300
Cores 2
Threads 2
Name Intel Core Duo T2300
Code Name Yonah
Package Socket 479 mPGA
Technology 65nm
Specification Genuine Intel® CPU T2300 @ 1.66GHz
Family 6
Extended Family 6
Model E
Extended Model E
Stepping 8
Revision C0
Instructions MMX, SSE, SSE2, SSE3
Virtualization Supported, Disabled
Hyperthreading Not supported
Bus Speed 166.3 MHz
Rated Bus Speed 665.2 MHz
Stock Core Speed 1666 MHz
Stock Bus Speed 166 MHz
Average Temperature 62 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2048 KBytes
Core 0
Core Speed 1663.3 MHz
Multiplier x 10.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.2 MHz
Temperature 63 °C
Thread 1
APIC ID 0
Core 1
Core Speed 1663.3 MHz
Multiplier x 10.0
Bus Speed 166.3 MHz
Rated Bus Speed 665.2 MHz
Temperature 60 °C
Thread 1
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR2
Size 1024 MBytes
Channels # Dual
DRAM Frequency 266.1 MHz
CAS# Latency (CL) 4 clocks
RAS# to CAS# Delay (tRCD) 4 clocks
RAS# Precharge (tRP) 4 clocks
Cycle Time (tRAS) 11 clocks
Bank Cycle Time (tRC) 16 clocks
Physical Memory
Memory Usage 53 %
Total Physical MB
Available Physical 447 MB
Total Virtual 2.00 GB
Available Virtual 1.91 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR2
Size 512 MBytes
Manufacturer Samsung
Max Bandwidth PC2-4300 (266 MHz)
Part Number M4 70T6554CZ3-CD5
Serial Number F753ED63
Week/year 45 / 06
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
tRC 11
Voltage 1.800 V
Slot #2
Type DDR2
Size 512 MBytes
Manufacturer Samsung
Max Bandwidth PC2-4300 (266 MHz)
Part Number M4 70T6554CZ3-CD5
Serial Number F753ED8B
Week/year 45 / 06
SPD Ext. EPP
JEDEC #3
Frequency 266.7 MHz
CAS# Latency 5.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #2
Frequency 266.7 MHz
CAS# Latency 4.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 11
tRC 15
Voltage 1.800 V
JEDEC #1
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
tRC 11
Voltage 1.800 V
Motherboard
Manufacturer Gateway
Version 3402688R
Chipset Vendor Intel
Chipset Model i945GM
Chipset Revision 03
Southbridge Vendor Intel
Southbridge Model 82801GHM (ICH7-M/U)
Southbridge Revision B0
System Temperature 63 °C
BIOS
Brand Phoenix Technologies LTD
Version 77.15
Date 06/29/2007
Graphics
Monitor
Name Plug and Play Monitor on Mobile Intel 945GM Express Chipset Family
Current Resolution 1280x800 pixels
Work Resolution 1280x770 pixels
State enabled, primary, output devices support
Monitor Width 1280
Monitor Height 800
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Mobile Intel® 945GM Express Chipset Family
Memory 64 MB
Memory type 2
Driver version 6.14.10.4543
Mobile Intel® 945GM Express Chipset Family
Memory 64 MB
Memory type 2
Driver version 6.14.10.4543
Hard Drives
WDC WD1200BEVS-22LAT0
Manufacturer Western Digital
Form Factor GB/2.5-inch
Business Unit/Brand Mobile/WD Scorpio®
RPM/Buffer Size or Attribute 5400 RPM with 8 MB cache (Mobile)
Interface/Connector SATA 3 Gb/s with 22-pin SATA connector/SATA 1.5 Gb/s with 22-pin SATA connector (Mobile)
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA/ATAPI-7
48-bit LBA Supported
Serial Number WD-WXE406425265
Interface SATA
Capacity 117GB
Real size 120,034,123,776 bytes
S.M.A.R.T
01 Read Error Rate 200 (200 worst) Data 0000000001
03 Spin-Up Time 192 (188) Data 000000054E
04 Start/Stop Count 095 (095) Data 00000013C3
05 Reallocated Sectors Count 196 (196) Data 0000000019
07 Seek Error Rate 100 (253) Data 0000000000
09 Power-On Hours (POH) 094 (094) Data 000000120A
0A Spin Retry Count 100 (100) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 096 (096) Data 0000001161
C0 Power-off Retract Count 195 (195) Data 000000115F
C1 Load/Unload Cycle Count 193 (193) Data 0000005B68
C2 Temperature 101 (084) Data 000000002E
C4 Reallocation Event Count 197 (197) Data 0000000003
C5 Current Pending Sector Count 200 (200) Data 0000000002
C6 Uncorrectable Sector Count 100 (253) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (253) Data 0000000000
Temperature 47 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number B0EA901F
Size 53GB
Used Space 13.0GB (25%)
Free Space 40GB (75%)
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter D:
File System FAT32
Volume Serial Number 6A5F1690
Size 6.83GB
Used Space 1MB (1%)
Free Space 6.83GB (99%)
Optical Drives
PHILIPS DVD+-RW SDVD8820
Media Type CD-ROM
Name PHILIPS DVD+-RW SDVD8820
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Card
SigmaTel High Definition Audio CODEC
Playback Device
SigmaTel Audio
Recording Device
SigmaTel Audio
Speaker Configuration
Speaker type Stereo
Peripherals
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device Kind Keyboard
Device Name Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 7-1-2001
Version 5.1.2600.2825
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Location plugged into PS/2 mouse port
Driver
Date 10-8-2004
Version 7.12.3.0
File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\SynTP.sys
File C:\WINDOWS\system32\SynTPAPI.dll
File C:\WINDOWS\system32\SynTPFcs.dll
File C:\WINDOWS\system32\SynCOM.dll
File C:\WINDOWS\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.ini
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\WINDOWS\system32\SynTPCo2.dll
Network
You are connected to the internet
Connected through Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
IP Address 131.191.60.227
Subnet mask 255.255.252.0
Gateway server 131.191.60.1
Preferred DNS server 131.191.7.12
Alternate DNS server 131.191.7.194
Alternate DNS server 8.8.8.8
DHCP Enabled
DHCP server 131.191.7.13
External IP Address 131.191.60.227
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 kbps
Computer Name
NetBIOS Name LOVEGIFT
DNS Name LoveGift
Domain Name LOVEGIFT
Remote Desktop
Console
State Active
Domain LOVEGIFT
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 1
Available access points count 1
Wi-Fi (hpsetup-adhoc)
SSID hpsetup-adhoc
Name No name
Signal Strength/Quality 0
Security Disabled
State The interface is not connected to any network
Dot11 Type Independent BSS (IBSS) network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network No Cipher algorithm is enabled/supported
Default Auth used to join this network for the first time IEEE 802.11 Open System authentication algorithm
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Adapters List
Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
IP Address 131.191.60.227
Subnet mask 255.255.252.0
Gateway server 131.191.60.1
Network Shares
No network shares

------------------------------------------------------

MBRCheck


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 178):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7ABE000 \WINDOWS\system32\KDCOM.DLL
0xF79CE000 \WINDOWS\system32\BOOTVID.dll
0xF748F000 ACPI.sys
0xF7AC0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747E000 pci.sys
0xF75BE000 isapnp.sys
0xF75CE000 ohci1394.sys
0xF75DE000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF79D2000 compbatt.sys
0xF79D6000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B86000 pciide.sys
0xF783E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AC2000 aliide.sys
0xF7AC4000 intelide.sys
0xF7AC6000 toside.sys
0xF7AC8000 viaide.sys
0xF7ACA000 cmdide.sys
0xF7460000 pcmcia.sys
0xF75EE000 MountMgr.sys
0xF7441000 ftdisk.sys
0xF7ACC000 dmload.sys
0xF741B000 dmio.sys
0xF79DA000 ACPIEC.sys
0xF7B87000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7846000 PartMgr.sys
0xF75FE000 VolSnap.sys
0xF79DE000 cpqarray.sys
0xF7403000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF732D000 IASTOR.SYS
0xF7315000 atapi.sys
0xF79E2000 aha154x.sys
0xF784E000 sparrow.sys
0xF79E6000 symc810.sys
0xF760E000 aic78xx.sys
0xF79EA000 dac960nt.sys
0xF761E000 ql10wnt.sys
0xF79EE000 amsint.sys
0xF7856000 asc.sys
0xF79F2000 asc3550.sys
0xF785E000 mraid35x.sys
0xF7866000 i2omp.sys
0xF79F6000 ini910u.sys
0xF762E000 ql1240.sys
0xF763E000 aic78u2.sys
0xF786E000 symc8xx.sys
0xF7876000 sym_hi.sys
0xF787E000 sym_u3.sys
0xF7886000 ABP480N5.SYS
0xF788E000 asc3350p.sys
0xF7ACE000 cd20xrnt.sys
0xF764E000 ultra.sys
0xF72FC000 adpu160m.sys
0xF7896000 dpti2o.sys
0xF765E000 ql1080.sys
0xF766E000 ql1280.sys
0xF767E000 ql12160.sys
0xF789E000 perc2.sys
0xF7AD0000 perc2hib.sys
0xF78A6000 hpn.sys
0xF79FA000 cbidf2k.sys
0xF72D0000 dac2w2k.sys
0xF768E000 disk.sys
0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72B0000 fltmgr.sys
0xF729E000 sr.sys
0xF76AE000 PxHelp20.sys
0xF7287000 KSecDD.sys
0xF71FA000 Ntfs.sys
0xF71CD000 NDIS.sys
0xF76BE000 sisagp.sys
0xF76CE000 viaagp.sys
0xF71B3000 Mup.sys
0xF76DE000 klbg.sys
0xF76EE000 alim1541.sys
0xF76FE000 amdagp.sys
0xF770E000 agp440.sys
0xF771E000 agpCPQ.sys
0xF781E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF70B2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6032000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF601E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5FF6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5FBA000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF5E18000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5DF4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF782E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF5DCC000 \SystemRoot\system32\drivers\tifm21.sys
0xF71A3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78F6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5D9E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7193000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7183000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7173000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7163000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5D7B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7153000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7143000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF7C00000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7133000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF70A6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D64000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7123000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7113000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7906000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5D53000 \SystemRoot\system32\DRIVERS\psched.sys
0xF773E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF790E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7916000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5D23000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5CC5000 \SystemRoot\system32\DRIVERS\update.sys
0xF6E89000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77BE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA9B85000 \SystemRoot\system32\drivers\sthda.sys
0xA9B61000 \SystemRoot\system32\drivers\portcls.sys
0xF6AC4000 \SystemRoot\system32\drivers\drmk.sys
0xA9A86000 \SystemRoot\system32\DRIVERS\smserial.sys
0xF7966000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6AB4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF70E3000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA9A0D000 \SystemRoot\system32\DRIVERS\klif.sys
0xF7CFE000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7CC1000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7B46000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CE8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B48000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79AE000 \SystemRoot\System32\drivers\vga.sys
0xF7B4A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79B6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79BE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF5C9D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8894000 \??\C:\WINDOWS\system32\drivers\kl1.sys
0xA87A9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8728000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8702000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA86DA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5567000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9126000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF5557000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8618000 \SystemRoot\System32\drivers\afd.sys
0xF5547000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA85ED000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA857D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF5537000 \SystemRoot\System32\Drivers\Fips.SYS
0xA25ED000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA2517000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA3FE2000 \SystemRoot\System32\drivers\Dxapi.sys
0xA4221000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA7B2B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
0xBF16E000 \SystemRoot\System32\ATMFD.DLL
0xA8490000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA281B000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF70B6000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA5151000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA248A000 \SystemRoot\system32\drivers\wdmaud.sys
0xF776E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA22EF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA225E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA21DE000 \SystemRoot\system32\DRIVERS\srv.sys
0xA1BBE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA183A000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xA131C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
1348 C:\WINDOWS\system32\smss.exe
1396 csrss.exe
1420 C:\WINDOWS\system32\winlogon.exe
1464 C:\WINDOWS\system32\services.exe
1476 C:\WINDOWS\system32\lsass.exe
1636 C:\WINDOWS\system32\svchost.exe
1744 svchost.exe
1940 C:\WINDOWS\system32\svchost.exe
2000 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
360 C:\WINDOWS\explorer.exe
404 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
620 svchost.exe
852 svchost.exe
1092 C:\WINDOWS\system32\spoolsv.exe
776 svchost.exe
808 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
824 C:\Program Files\Bonjour\mDNSResponder.exe
908 C:\WINDOWS\ehome\ehrecvr.exe
1332 C:\WINDOWS\ehome\ehSched.exe
1808 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
1856 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmserv.exe
224 C:\WINDOWS\system32\lxdmcoms.exe
2108 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2568 C:\WINDOWS\system32\HPZipm12.exe
2600 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
2704 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2768 svchost.exe
2824 C:\WINDOWS\system32\svchost.exe
2940 mcrdsvc.exe
3200 C:\WINDOWS\system32\dllhost.exe
3376 wmiprvse.exe
3748 alg.exe
2428 C:\WINDOWS\ehome\ehtray.exe
2436 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2468 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2472 C:\WINDOWS\ehome\ehmsas.exe
3444 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3604 C:\WINDOWS\stsystra.exe
3636 C:\WINDOWS\system32\igfxtray.exe
3648 C:\WINDOWS\system32\hkcmd.exe
2016 C:\WINDOWS\system32\igfxsrvc.exe
3704 C:\WINDOWS\system32\igfxpers.exe
3728 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
3832 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1924 C:\Program Files\QuickTime\QTTask.exe
560 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
2124 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
1844 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
2236 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
4012 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2952 C:\WINDOWS\system32\notepad.exe
2264 C:\Documents and Settings\Owner-1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000e`a490bc00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD1200BEVS-22LAT0, Rev: 01.06M01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!

---------------------------------------------------------------

Procexp



Process PID CPU Private Bytes Working Set Description Company Name
ZCfgSvc.exe 3728 33.85 7,376 K 13,532 K ZeroCfgSvc MFC Application Intel Corporation
iFrmewrk.exe 3832 29.23 21,336 K 26,620 K Intel Framework MFC Application Intel Corporation
svchost.exe 1940 8.46 15,508 K 25,916 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1744 6.15 2,188 K 5,080 K Generic Host Process for Win32 Services Microsoft Corporation
System Idle Process 0 5.38 0 K 28 K
avp.exe 808 4.62 100,740 K 12,180 K Kaspersky Anti-Virus Kaspersky Lab
System 4 3.85 0 K 640 K
procexp.exe 3004 3.08 10,576 K 14,836 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lsass.exe 1476 3.08 4,104 K 6,428 K LSA Shell (Export Version) Microsoft Corporation
wmiprvse.exe 3376 0.77 52,928 K 57,144 K WMI Microsoft Corporation
S24EvMon.exe 404 0.77 9,724 K 12,696 K Wireless Management Service Intel Corporation
explorer.exe 360 0.77 16,824 K 26,728 K Windows Explorer Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 2512 2,572 K 5,148 K WMI Microsoft Corporation
winlogon.exe 1420 8,208 K 6,272 K Windows NT Logon Application Microsoft Corporation
SynTPLpr.exe 2436 980 K 2,772 K TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 2468 1,704 K 4,660 K Synaptics TouchPad Enhancements Synaptics, Inc.
svchost.exe 1636 3,304 K 5,400 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 620 2,024 K 4,340 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 852 1,308 K 3,280 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 776 1,496 K 4,028 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2768 1,580 K 4,020 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2824 2,604 K 4,476 K Generic Host Process for Win32 Services Microsoft Corporation
stsystra.exe 3604 4,032 K 7,020 K Sigmatel Audio system tray application SigmaTel, Inc.
spoolsv.exe 1092 4,624 K 7,384 K Spooler SubSystem App Microsoft Corporation
smss.exe 1348 172 K 420 K Windows NT Session Manager Microsoft Corporation
sm56hlpr.exe 2236 1,208 K 3,600 K Application executable file Motorola Inc.
services.exe 1464 1,928 K 3,720 K Services and Controller app Microsoft Corporation
RegSrvc.exe 2704 1,008 K 3,240 K Intel® PROSet/Wireless Registry Service Intel Corporation
QTTask.exe 1924 800 K 2,624 K QuickTime Task Apple Inc.
PRISMXL.SYS 2600 584 K 1,976 K PrismXL Service New Boundary Technologies, Inc.
mDNSResponder.exe 824 1,348 K 3,864 K Bonjour Service Apple Inc.
mcrdsvc.exe 2940 996 K 3,272 K MCRD Device Service Microsoft Corporation
mbamservice.exe 2108 90,592 K 91,372 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 4012 3,228 K 5,732 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lxdmserv.exe 1856 760 K 2,392 K Lexmark Connect Service Executable Lexmark International, Inc.
lxdmcoms.exe 224 2,136 K 3,280 K Printer Communication System
jusched.exe 560 988 K 2,980 K Java™ Platform SE binary Sun Microsystems, Inc.
igfxtray.exe 3636 1,104 K 3,560 K igfxTray Module Intel Corporation
igfxsrvc.exe 2016 1,384 K 3,456 K igfxsrvc Module Intel Corporation
igfxpers.exe 3704 848 K 3,028 K persistence Module Intel Corporation
IAANTMon.exe 1808 556 K 1,676 K RAID Monitor Intel Corporation
IAAnotif.exe 3444 848 K 2,612 K Event Monitor User Notification Tool Intel Corporation
HPZipm12.exe 2568 680 K 1,992 K PML Driver HP
hkcmd.exe 3648 868 K 2,996 K hkcmd Module Intel Corporation
EvtEng.exe 2000 8,336 K 12,088 K Intel® PROSet/Wireless Event Log Intel Corporation
ehtray.exe 2428 2,536 K 1,264 K Media Center Tray Applet Microsoft Corporation
ehSched.exe 1332 1,652 K 5,044 K Media Center Scheduler Service Microsoft Corporation
ehrecvr.exe 908 2,636 K 4,808 K Media Center Receiver Service Microsoft Corporation
ehmsas.exe 2472 760 K 2,740 K Media Center Media Status Aggregator Service Microsoft Corporation
Dot1XCfg.exe 1844 9,560 K 14,308 K Intel 802.1x Server Intel Corporation
dllhost.exe 3200 2,416 K 6,460 K COM Surrogate Microsoft Corporation
csrss.exe 1396 1,880 K 4,576 K Client Server Runtime Process Microsoft Corporation
avp.exe 2124 13,456 K 3,952 K Kaspersky Anti-Virus Kaspersky Lab
alg.exe 3748 1,340 K 3,784 K Application Layer Gateway Service Microsoft Corporation

Edited by RKinner, 29 July 2011 - 07:52 PM.


#12
RKinner

From your Extras Log:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.

I think you can safely uninstall these:

Browser Address Error Redirector

Windows Media Format Runtime 11 = for people who want to use the latest Windows Media Player codecs without installing Windows Media Player 11.

ZoneAlarm = Duplicates Kaspersky firewall (see http://support.kaspe...se-article/2109) and is also prone to hangs on startup. Bit of a resource hog and will slow your boot.

------
Napster = Is this the original P2P version or the latest subscription service?

Can you clear your event logs and then run Vino's:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#13
cocofruit

Hi Ron! All Done

Napster = Is this the original P2P version or the latest subscription service?

Answer: says 30 day trial subscription. 2 files in programs: Napster and Napster for Windows Media Player

------------------

Tried to remove Browser Address Error Redirector as you suggested in add/delete programs

Clicked Remove Button and it does nothing. Also no size listed on file, maybe empty. :)

------------------------------------------

Also, I'm running KAV. It is Kaspersky antivirus only---no Firewall. That is why I had ZoneAlarm. If you can recommend another good free firewall & where to download, I'd appreciate it. Used ZoneAlarm for years.

------------------------------------------

Received a Microsoft update after I rebooted. Hope this didn't cause a problem when I ran Vino's.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/07/2011 11:30:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-----------------------------------------


Vino's Event Viewer v01c run on Windows XP in English
Report run at 19/07/2011 11:30:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2011 11:28:05 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LOVEGIFT\Owner-1 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Edited by cocofruit, 20 July 2011 - 12:48 AM.
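
The two VEW reports in the post above share a fixed layout: a banner per log and type, then `Log:` / `Type:` / `Event:` lines followed by the message. The parser below is an added example, not part of the thread or of VEW itself; the function name `parse_vew` and the field names are assumptions, and the layout is inferred only from the report shown.

```python
import re
from datetime import datetime

# Excerpt of the Application report from the post above (message shortened).
SAMPLE = r"""
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2011 11:28:05 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LOVEGIFT\Owner-1 registry while an application or service
was still using the registry during log off.
"""

SECTION = re.compile(r"^'(?P<log>[^']+)' Log - (?P<type>\w+) Type$")
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")

def parse_vew(text):
    """Return (sections, events); sections maps (log, type) -> event count."""
    sections, events, cur = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) == {"~"}:
            continue
        if m := SECTION.match(line):
            # Record empty sections too: "no errors logged" is a finding.
            sections.setdefault((m["log"], m["type"]), 0)
            cur = None
        elif m := HEADER.match(line):
            # VEW dates are dd/mm/yyyy; parse day-first explicitly.
            ts = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m["log"], "time": ts, "message": ""}
            events.append(cur)
        elif cur is None:
            continue  # preamble text before the first event
        elif m := TYPE.match(line):
            cur["type"], cur["category"] = m["type"], int(m["cat"])
            key = (cur["log"], cur["type"])
            sections[key] = sections.get(key, 0) + 1
        elif m := EVENT.match(line):
            cur["event_id"], cur["source"] = int(m["id"]), m["src"]
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return sections, events
```

Counting empty sections separately makes it easy to compare a report taken right after clearing the logs with one taken after the next freeze.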


#14
RKinner


says 30 day trial subscription. 2 files in programs: Napster and Napster for Windows Media Player

Then remove them both.

The best free firewall is Online Armor. More reliable than ZA and doesn't try to foist an anti-virus or toolbar on you or take over your search engine.

http://www.online-ar...-armor-free.php


You need to install UPHClean http://support.microsoft.com/kb/837115

Ron

#15
cocofruit

Hi Ron! Once again--thank you for all your help!!


Removed Napster files

Installed Online Armor & UPHClean <-----unsure what to do with this, pls advise


Uninstalled RealPlayer as you suggested and got this message:

********************************************************
The following files and/or directories could not be deleted.
********************************************************
C:\Program Files\Real\RealPlayer