Author Topic: [Resolved] CPU Usage at 100% at random....And slows down computer nonstop  (Read 13192 times)

Offline All3n5790

  • Bronze Member
  • Posts: 81
I can't seem to find
aspdict-en.dat
ph_white.dat
pc_im.dat

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2149
Hi Allen

Hope you had a good holiday. I'm not surprised you can't find them. Some files are well hidden.
Try this and see if it works:

Right click on the start menu and choose Open Windows Explorer. Go to Tools/Folder Options/View and click on Show Hidden Files. Then uncheck Hide Protected Operating System Files and click OK.

Maybe you can find them now.  We'll see.

Go ahead and follow the rest of the post as well.


Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

Offline All3n5790

  • Bronze Member
  • Posts: 81
Look what I found. This is the first result I got when you gave me the code for the CFScript.txt.

ComboFix 11-07-03.04 - Allen Ganan 07/04/2011   8:17.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1558 [GMT -7:00]
Running from: c:\documents and settings\Allen Ganan\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Allen Ganan\Desktop\CFScript.txt
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\aspdict-en.dat
c:\windows\System32\pc_im.dat
c:\windows\System32\ph_white.dat
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((   Files Created from 2011-06-05 to 2011-07-05  )))))))))))))))))))))))))))))))
.
.
2011-07-01 23:29 . 2011-07-01 23:29   --------   d-----w-   c:\program files\ESET
2011-07-01 01:53 . 2010-05-14 00:02   12960   ----a-w-   c:\windows\system32\drivers\bdrawpr.sys
2011-06-29 17:27 . 2011-06-29 17:27   --------   d-----w-   C:\devkitPro
2011-06-29 17:26 . 2010-08-25 03:39   560128   ----a-w-   c:\windows\system32\ScintillaNet.dll
2011-06-29 17:26 . 2010-08-25 03:39   560128   ----a-w-   c:\windows\ScintillaNet.dll
2011-06-29 17:26 . 2010-08-25 03:39   408576   ----a-w-   c:\windows\system32\SciLexer.dll
2011-06-29 17:26 . 2010-08-25 03:39   408576   ----a-w-   c:\windows\SciLexer.dll
2011-06-29 17:26 . 2011-06-29 18:05   --------   d-----w-   c:\program files\DS Game Maker
2011-06-25 07:38 . 2011-06-25 07:38   --------   d-----w-   c:\documents and settings\Allen Ganan\Application Data\Malwarebytes
2011-06-25 07:38 . 2011-05-29 16:11   39984   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 07:38 . 2011-06-25 07:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-25 07:38 . 2011-06-25 07:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-06-25 07:38 . 2011-05-29 16:11   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-06-24 16:53 . 2011-06-24 16:53   388096   ----a-r-   c:\documents and settings\Allen Ganan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-24 16:53 . 2011-06-24 16:53   --------   d-----w-   c:\program files\Trend Micro
2011-06-23 15:22 . 2011-06-23 15:22   2106216   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 15:22 . 2011-06-23 15:22   1998168   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-15 21:12 . 2011-06-15 21:12   --------   d-----w-   c:\documents and settings\Allen Ganan\Application Data\DVDVideoSoft
2011-06-15 18:47 . 2011-06-15 19:09   --------   d-----w-   C:\f9b94106da904dde15cf
2011-06-15 18:46 . 2011-06-15 20:13   --------   d-----w-   c:\windows\SxsCaPendDel
2011-06-14 22:17 . 2011-06-14 22:17   --------   d-----w-   C:\e0cb71dea09786d2c1
2011-06-14 21:49 . 2011-04-21 13:37   105472   -c----w-   c:\windows\system32\dllcache\mup.sys
2011-06-14 20:18 . 2011-06-14 20:18   --------   d-----w-   c:\program files\Common Files\Java
2011-06-12 06:40 . 2011-06-12 06:40   --------   d-----w-   c:\program files\iPod
2011-06-11 22:23 . 2011-06-11 22:24   --------   d-----w-   c:\program files\OpenSSH
2011-06-07 19:35 . 2011-06-07 19:35   103864   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 19:35 . 2011-06-07 19:35   103864   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 05:50 . 2010-09-18 07:52   587414   ----a-w-   c:\documents and settings\All Users\Application Data\bdinstall.bin
2011-06-15 18:26 . 2011-05-19 18:53   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 15:06 . 2009-12-16 23:49   4517664   ----a-w-   c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2009-12-16 23:49   42496   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2011-05-04 11:52 . 2011-06-01 23:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2009-09-01 03:03   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-08-06 21:39   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 11:00   151552   ----a-w-   c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 11:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-03-04 03:33   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 11:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 11:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 11:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 11:00   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
2011-04-19 00:54 . 2011-04-19 00:54   32   ----a-w-   C:\temp.tmp
2011-04-07 15:02 . 2010-09-18 13:15   353096   ----a-w-   c:\windows\system32\drivers\bdfsfltr.sys
2011-04-06 23:20 . 2011-04-06 23:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-07-08 17:37 . 2010-07-08 17:37   101544   ----a-w-   c:\program files\Common Files\LinkInstaller.exe
2011-06-23 15:22 . 2011-05-01 07:20   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-06-30_22.41.44   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-04 16:16 . 2011-07-04 16:16   16384              c:\windows\temp\Perflib_Perfdata_590.dat
- 2009-10-14 04:05 . 2011-06-30 20:58   28433              c:\windows\system32\secushr.dat
+ 2009-10-14 04:05 . 2011-07-05 07:35   28433              c:\windows\system32\secushr.dat
+ 2010-09-18 15:09 . 2011-07-01 01:10   57344              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\texticon.exe
- 2010-09-18 15:09 . 2011-06-27 20:51   57344              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\texticon.exe
+ 2010-09-18 15:09 . 2011-07-01 01:10   32768              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\maintenance_icon.exe
- 2010-09-18 15:09 . 2011-06-27 20:51   32768              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\maintenance_icon.exe
+ 2010-09-18 15:09 . 2011-07-01 01:10   61440              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\helpicon.exe
- 2010-09-18 15:09 . 2011-06-27 20:51   61440              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\helpicon.exe
+ 2009-10-24 04:33 . 2011-07-02 20:44   4428              c:\windows\system32\secustat.dat
- 2009-10-24 04:33 . 2011-06-28 23:22   4428              c:\windows\system32\secustat.dat
+ 2010-09-18 07:52 . 2010-07-27 19:50   253072              c:\windows\system32\drivers\Trufos.sys
+ 2010-09-18 15:09 . 2011-07-01 01:10   336782              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\register_icon.exe
- 2010-09-18 15:09 . 2011-06-27 20:51   336782              c:\windows\Installer\{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}\register_icon.exe
+ 2011-07-01 01:10 . 2011-07-01 01:10   2638336              c:\windows\Installer\32e621.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-14 39408]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-08-10 71216]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-08-12 1405584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allen Ganan^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
path=c:\documents and settings\Allen Ganan\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
backup=c:\windows\pss\ViiKiiDesktopPlugin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59   937920   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02   37296   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-08-12 03:54   1405584   ----a-w-   c:\program files\BitDefender\BitDefender 2011\bdagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2010-08-10 20:56   71216   ----a-w-   c:\program files\BitDefender\BitDefender 2011\ieshow.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 10:12   94208   ----a-w-   c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39   5244216   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44   3883856   ------w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44   70936   ----a-w-   c:\documents and settings\Allen Ganan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 17:22   405504   ----a-w-   c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-14 03:14   39408   ------w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 19:48   761947   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WSearch"=2 (0x2)
"WRConsumerService"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"Arrakis3"=3 (0x3)
"BthServ"=2 (0x2)
"wlidsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"npggsvc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1cacd5d9246d54c"=2 (0x2)
"WebClient"=2 (0x2)
"McrdSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"getPlusHelper"=3 (0x3)
"nosGetPlusHelper"=3 (0x3)
"xmlprov"=3 (0x3)
"Update Server"=3 (0x3)
"VSSERV"=2 (0x2)
"Updatesrv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49045:TCP"= 49045:TCP:SolidNetworkManager
"49045:UDP"= 49045:UDP:SolidNetworkManager
"21530:TCP"= 21530:TCP:*:Disabled:SolidNetworkManager
"21530:UDP"= 21530:UDP:*:Disabled:SolidNetworkManager
"58713:TCP"= 58713:TCP:Pando Media Booster
"58713:UDP"= 58713:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 bdrawpr;bdrawpr;c:\windows\system32\drivers\bdrawpr.sys [2010-05-14 12960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-04-22 149520]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-07-23 307544]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva288;XDva288;c:\windows\system32\XDva288.sys
R3 XDva296;XDva296;c:\windows\system32\XDva296.sys
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys

R4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-06-28 633424]
R4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-06-28 970320]
R4 gupdate1cacd5d9246d54c;Google Update Service (gupdate1cacd5d9246d54c);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 133104]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 133104]
R4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-09 3387256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 OpenSSHd;OpenSSH Server;c:\program files\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-08-10 42400]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [2010-06-18 111696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
bdx   REG_MULTI_SZ      sysagent
nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
WINRM   REG_MULTI_SZ      WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-07-05 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\GameBox.exe [2010-11-25 03:08]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 03:27]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 03:27]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\documents and settings\Allen Ganan\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\Allen Ganan\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\documents and settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\program files\BitDefender\BitDefender 2011\pchook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\BitDefender\BitDefender 2011\vsserv.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\OpenSSH\usr\sbin\sshd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-05  01:06:33 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-05 08:06
ComboFix2.txt  2011-06-30 23:03
.
Pre-Run: 81,328,939,008 bytes free
Post-Run: 81,431,117,824 bytes free
.
- - End Of File - - 9788DDEB1DA4079546BD2F232E9AD507
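A parser for the ComboFix log posted above, as an added example that is not part of the thread and not ComboFix's own code: it splits the log on its section banners and pulls out what a helper reads first (the deleted files, the TDL4 bootkit line, the disabled firewall product, the Windows Firewall and AntiVirusOverride settings, the IE Trusted Zone and Firefox proxy entries, and service entries with no file details). The embedded sample is an excerpt of the log above; treating a missing trailing "[date size]" on a service line as "file not found on disk" is an assumption.

```python
"""Pull the security-relevant findings out of a ComboFix log."""
import re

# Excerpt of the ComboFix log posted above, trimmed to the lines this parser reads.
SAMPLE_LOG = r"""
ComboFix 11-07-03.04 - Allen Ganan 07/04/2011   8:17.3.1 - x86
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\aspdict-en.dat
c:\windows\System32\pc_im.dat
c:\windows\System32\ph_white.dat
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R3 XDva288;XDva288;c:\windows\system32\XDva288.sys
R4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-06-28 633424]
.
------- Supplementary Scan -------
.
Trusted Zone: kuaiche.com\software
FF - prefs.js: network.proxy.type - 1
"""

# ComboFix marks sections with "(((( Name ))))" banners (and "---- Name ----" for the
# supplementary scan); "- - - -" rules with single dashes are not section banners.
SECTION_RE = re.compile(r"^(?:\({5,}|-{3,})\s+(.*?)\s+(?:\){5,}|-{3,})$")
# Service/driver lines: "R3 name;display name;path [date size]". Assumption: a
# missing trailing "[date size]" means ComboFix did not find the file on disk.
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);")


def split_sections(text):
    """Return {section name: [lines]}; lines before the first banner go under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":          # ComboFix pads sections with lone dots
            sections[current].append(line)
    return sections


def analyze(text):
    """Extract the findings a reviewer checks first: deletions, bootkit, weakened defences."""
    deletions = split_sections(text).get("Other Deletions", [])
    findings = {
        "deleted": [l for l in deletions if "Bootkit" not in l],
        "bootkit": [l for l in deletions if "Bootkit" in l],
        "disabled_products": [],      # AV/FW products ComboFix reports as *Disabled*
        "firewall_enabled": True,     # Windows Firewall, standard profile
        "av_override": False,         # Security Center told to ignore the AV state
        "trusted_zones": [],          # IE Trusted Zone entries (relaxed security settings)
        "ff_proxy_type": None,        # Firefox proxy mode; 1 = manual proxy configured
        "services_without_file": [],  # R/S entries whose on-disk file was not found
    }
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("AV:", "FW:")) and "*Disabled*" in line:
            findings["disabled_products"].append(line.split(":", 1)[1].split("*")[0].strip())
        elif line.startswith('"EnableFirewall"='):
            findings["firewall_enabled"] = re.search(r"=\s*(\d+)", line).group(1) != "0"
        elif line.startswith('"AntiVirusOverride"=dword:'):
            findings["av_override"] = int(line.split("dword:")[1], 16) != 0
        elif line.startswith("Trusted Zone:"):
            findings["trusted_zones"].append(line.split(":", 1)[1].strip())
        elif line.startswith("FF - prefs.js: network.proxy.type"):
            findings["ff_proxy_type"] = int(line.rsplit("-", 1)[1])
        else:
            svc = SERVICE_RE.match(line)
            if svc and not line.endswith("]"):
                findings["services_without_file"].append(svc.group("name"))
    return findings


def summarize(findings):
    """Turn the findings dict into the one-line notes a helper would post back."""
    notes = [f"deleted: {p}" for p in findings["deleted"]]
    notes += [f"bootkit: {b}" for b in findings["bootkit"]]
    notes += [f"product disabled: {p}" for p in findings["disabled_products"]]
    if not findings["firewall_enabled"]:
        notes.append("Windows Firewall (standard profile) is off")
    if findings["av_override"]:
        notes.append("Security Center AntiVirusOverride is set")
    notes += [f"IE trusted zone: {z}" for z in findings["trusted_zones"]]
    if findings["ff_proxy_type"] == 1:
        notes.append("Firefox has a manual proxy configured")
    notes += [f"service file not found: {s}" for s in findings["services_without_file"]]
    return notes


if __name__ == "__main__":
    for note in summarize(analyze(SAMPLE_LOG)):
        print(note)
```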

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2149
Hi Allen

Great.  I think we've got the sneaky little bugger on the run, but we have more bits of the virus still on your machine.  If we don't get them off, they will re-infect.  So let's do these steps now.

1. Please go to start/control panel/add or remove programs and completely uninstall these programs:

Viewpoint Media Player
µTorrent
SolidStateIONIE
Software Informer_is1
NCH_EN Toolbar
conduitEngine
B3EE3001-DC24-4cd1-8743-5692C716659F

Reboot your PC.

2.  Double click on the OTL icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

3.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked. Copy the code in the code box below and paste it into the Custom Scan box.

Code:
: OTL
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm
 [2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/08/16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat

 [2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그 [2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污

:FILES
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

:Reg
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95

:Commands
[REBOOT]



4.  Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two notepad windows.  OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

5. Run MBAM again.  Be sure to update the program and run a full system scan.

6.  Download ESET Online Scanner and save it to your desktop.

7.  Double-click on esetsmartinstaller and then click Run.  Click Yes on the license and then Start.

8.  Be sure that ONLY the following items are checked:
   Remove found threats
   Scan for potentially unwanted applications
   Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish.  Do not click on the interface, download or install anything until the scan completes.  When the scan completes click Finish.

9.  Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner and Double-click on the log file.  Click File/Save As and name the file ESETLog.txt and save it to your desktop.


As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL.txt
Extras.txt
mbam-log-latest date
EsetLog.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well





Offline All3n5790

  • Bronze Member
  • Posts: 81
OTL logfile created on: 7/7/2011 1:11:00 PM - Run 6
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Documents and Settings\Allen Ganan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.44% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 75.90 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
 
Computer Name: ALLENSLAPTOP | User Name: Allen Ganan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
PRC - [2011/06/23 08:22:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/12/09 20:08:18 | 000,413,016 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe
PRC - [2010/08/11 20:54:48 | 001,405,584 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2010/08/10 13:59:58 | 001,885,040 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2010/08/10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2010/08/10 13:57:26 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/04/19 13:19:12 | 000,277,504 | ---- | M] () -- C:\Program Files\OpenSSH\usr\sbin\sshd.exe
PRC - [2004/04/18 04:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files\OpenSSH\bin\cygrunsrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/10 13:57:24 | 000,015,624 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchook32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/10 13:59:58 | 001,885,040 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2010/08/10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (UPDATESRV)
SRV - [2010/07/23 09:51:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/09 09:59:00 | 003,387,256 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2004/04/18 04:11:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/07 08:02:12 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/07/27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2010/06/30 15:44:12 | 000,067,152 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2010/06/28 12:55:42 | 000,970,320 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2010/06/28 12:55:36 | 000,633,424 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2010/06/18 19:11:40 | 000,126,416 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010/06/18 16:11:42 | 000,111,696 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (bdrawpr)
DRV - [2010/04/22 13:19:50 | 000,149,520 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (BDFM)
DRV - [2009/12/12 16:49:31 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/09 06:19:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/02/09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/10/03 12:57:00 | 000,086,867 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/04/06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/10 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: CSWebLauncher@cyberstep.com:1.0.0.10
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/09/18 09:59:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/06/30 17:56:58 | 000,000,000 | ---D | M]
 
[2010/03/12 16:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Extensions
[2011/06/29 12:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions
[2011/01/21 22:42:30 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2010/04/29 17:56:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 00:10:11 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/06/24 09:32:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/06/30 23:47:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/12 19:26:24 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/04/03 22:26:49 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}(2)
[2011/06/22 01:21:56 | 000,000,000 | ---D | M] ("CS Web Launcher") -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\CSWebLauncher@cyberstep.com
[2011/05/19 12:25:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\engine@conduit.com
[2010/03/19 21:43:10 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\illimitux@illimitux.net
[2010/11/25 23:57:21 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\LogMeInClient@logmein.com
[2011/05/01 00:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\nostmp
[2011/06/14 13:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/01 16:13:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/14 13:18:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLEN GANAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DWKJDL6C.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLEN GANAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DWKJDL6C.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2009/08/31 20:02:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 08:22:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/16 18:28:58 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/07/05 22:57:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/06 14:42:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/06 23:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Aris
[2011/07/06 23:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\registry backup
[2011/07/06 23:12:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/06 23:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allen Ganan\Recent
[2011/07/05 22:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/05 09:13:24 | 004,131,692 | R--- | C] (Swearware) -- C:\Documents and Settings\Allen Ganan\Desktop\ComboFix.exe
[2011/07/03 00:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Iphone stuff
[2011/07/02 23:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Stuff
[2011/07/02 18:51:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
[2011/07/01 16:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/01 16:26:02 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Allen Ganan\Desktop\esetsmartinstaller_enu.exe
[2011/07/01 08:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\New Folder (2)
[2011/06/30 18:53:01 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2011/06/29 10:27:14 | 000,000,000 | ---D | C] -- C:\devkitPro
[2011/06/29 10:26:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\WINDOWS\System32\ScintillaNet.dll
[2011/06/29 10:26:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\WINDOWS\ScintillaNet.dll
[2011/06/29 10:26:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\WINDOWS\System32\SciLexer.dll
[2011/06/29 10:26:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\WINDOWS\SciLexer.dll
[2011/06/29 10:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\DS Game Maker
[2011/06/28 19:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\New Folder
[2011/06/25 20:54:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/25 20:00:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/25 20:00:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/25 20:00:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/25 20:00:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/25 19:59:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/25 19:58:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/25 00:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Application Data\Malwarebytes
[2011/06/25 00:38:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 00:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 00:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 00:38:19 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/24 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/24 09:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Start Menu\Programs\HiJackThis
[2011/06/15 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoft
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2011/06/15 11:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1
[2011/06/14 14:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Jake hamilton - Freedom Calling
[2011/06/14 13:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 00:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/11 23:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/11 15:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSH for Windows
[2011/06/11 15:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSSH
[2011/06/11 10:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Aj Rafael - Red Roses
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/07 13:15:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 00:03:08 | 000,004,428 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011/07/06 23:33:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 23:33:26 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/07/06 23:30:33 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/07/06 23:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/06 23:29:51 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 20:32:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/06 10:54:37 | 000,028,140 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2011/07/05 22:57:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/05 14:37:51 | 004,131,692 | R--- | M] (Swearware) -- C:\Documents and Settings\Allen Ganan\Desktop\ComboFix.exe
[2011/07/02 20:21:57 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Application Dataprivacy.xml
[2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
[2011/07/01 16:26:02 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Allen Ganan\Desktop\esetsmartinstaller_enu.exe
[2011/07/01 11:54:54 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\HiJackThis.lnk
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 22:50:15 | 000,587,414 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/06/30 18:02:39 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2011.lnk
[2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm
[2011/06/29 11:17:55 | 008,621,734 | ---- | M] () -- C:\Hit Me Reborn.nds
[2011/06/29 11:06:55 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\My Documents\untitled.PNG
[2011/06/29 10:50:19 | 000,000,229 | ---- | M] () -- C:\Sprite_Edit.PNG
[2011/06/29 00:17:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 20:54:09 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/25 00:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 00:58:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 00:41:43 | 000,503,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 00:41:43 | 000,087,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 14:13:16 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/15 13:51:00 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free YouTube to MP3 Converter.lnk
[2011/06/15 13:51:00 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free Audio CD Burner.lnk
[2011/06/15 00:35:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/12 00:06:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/11 15:21:38 | 002,438,830 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\setupssh.exe
[2011/06/07 18:32:49 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 

Offline All3n5790

  • Bronze Member
  • Posts: 81
========== Files Created - No Company Name ==========
 
[2011/06/29 12:19:11 | 008,619,663 | ---- | C] () -- C:\Scorerererererer.dsgm
[2011/06/29 11:17:43 | 008,621,734 | ---- | C] () -- C:\Hit Me Reborn.nds
[2011/06/29 11:06:54 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\My Documents\untitled.PNG
[2011/06/29 10:50:18 | 000,000,229 | ---- | C] () -- C:\Sprite_Edit.PNG
[2011/06/25 20:54:09 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/25 20:54:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/25 20:00:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/25 20:00:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/25 20:00:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/25 20:00:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/25 20:00:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/25 00:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 09:53:36 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\HiJackThis.lnk
[2011/06/15 13:51:00 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free YouTube to MP3 Converter.lnk
[2011/06/15 13:51:00 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free Audio CD Burner.lnk
[2011/06/12 00:06:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/11 15:21:09 | 002,438,830 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\setupssh.exe
[2010/12/27 01:16:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Application Data\winscp.rnd
[2010/12/21 22:43:48 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/12/21 22:43:47 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/10/11 20:56:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/18 00:52:30 | 000,587,414 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/08/16 15:27:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Application Data\bdfvconp.ini
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/23 03:20:00 | 000,268,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/12 16:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/12/19 11:09:08 | 000,056,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 16:02:37 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 16:49:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/10/23 21:33:02 | 000,004,428 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2009/10/13 21:05:17 | 000,028,140 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2009/10/13 20:15:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 12:17:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/08/07 07:31:33 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/08/06 18:26:56 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/08/06 18:26:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/08/06 18:13:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/08/06 18:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/06 17:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/08/06 17:51:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/08/06 15:41:38 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/08/06 15:16:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/06 15:05:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/06 14:54:16 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\fusioncache.dat
[2009/08/06 14:46:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/06 14:38:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/06 07:29:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/06 07:27:50 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/06 11:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,503,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,087,158 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
 
========== LOP Check ==========
 
[2009/08/06 18:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/13 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/09/25 07:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2010/12/10 18:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/27 15:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/06 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/11/24 17:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/15 22:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/10 08:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/12/10 08:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/10/11 17:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/11/25 19:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2011/06/03 11:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/12 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/16 16:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/06 18:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\acccore
[2011/07/06 23:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Auslogics
[2010/09/18 06:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BitDefender
[2011/07/07 00:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BITS
[2010/12/22 10:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BugTrap Console Test108
[2009/11/27 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DassaultSystemes
[2011/06/15 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoft
[2011/06/15 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers
[2010/06/25 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Facebook
[2010/04/02 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FlashGet
[2010/04/12 15:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO
[2010/08/21 13:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FOG Downloader
[2009/10/13 20:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Free Download Manager
[2011/03/11 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\GetRightToGo
[2010/11/24 17:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\IObit
[2011/01/12 17:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Kalydo
[2010/01/05 07:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\mjusbsp
[2010/05/06 20:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Octoshape
[2010/10/26 09:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\OpenCandy
[2010/09/18 06:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\QuickScan
[2010/11/25 19:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Sling Media
[2010/09/17 23:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Uniblue
[2011/07/03 18:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\uTorrent
[2010/07/30 14:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2009/10/23 06:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Windows Desktop Search
[2009/10/23 06:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Windows Search
[2009/11/17 21:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Wizards of the Coast
[2011/07/06 23:33:26 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< : OTL >
 
< O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) >
 
< [2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf >
Invalid Switch: 15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf

 
< [2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1 >
Invalid Switch: 14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1

 
< [2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
< [2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm >
Invalid Switch: 29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm

 
<  [2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d >
Invalid Switch: 02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d

 
< [2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
< [2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat >
Invalid Switch: 16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat

 
< [2010/08/16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat >
Invalid Switch: 16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat

 
<  >
 
<  [2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그 [2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그 >
Invalid Switch: 10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그

 
< [2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污 >
Invalid Switch: 18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污

 
<  >
 
< :FILES >
 
< @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B >
 
< @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613  :reg >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95 >
 
<  >
 
< :Commands >
 
<  [REBOOT] >
 
========== Files - Unicode (All) ==========
[2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\?? ???) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\?? ???) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\?????) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

< End of report >
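
Added example (not part of All3n5790's post and not code from OldTimer's OTL): a small Python parser for the line shapes that appear in the log above, with the checks a reviewer actually makes by eye when reading it. It pulls out the file entries, the "Invalid Switch" echoes (OTL rejecting file-list lines pasted into the custom-scan box), the alternate data streams, and the O7 NoDriveTypeAutoRun policy value; it then groups zero-byte files created in the same second in the same directory (the System32 pc_*.dat / ph_*.dat batch), lists entries carrying hidden or system attributes, and decodes the autorun mask into the drive types whose AutoRun is disabled. Assumptions: the attribute column order read-only, hidden, system, directory is inferred from the values on the page (RHS-, -HS-, ---D); the sample input is constructed from lines copied out of this log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the log above in the shapes OTL prints
# (file entries, one LOP-check directory entry, one "Invalid Switch" echo, an ADS line,
# and the O7 Explorer policy line as echoed from the custom-scan box).
SAMPLE_LOG = r"""
[2011/06/25 20:54:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/08/06 14:46:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 11:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95 >
"""

# Entry: [timestamp | size | attrs | C-or-M] (company)? -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
INVALID_RE = re.compile(r"^Invalid Switch: (?P<rest>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")
AUTORUN_RE = re.compile(r"NoDriveTypeAutoRun = hex\(7\):0x(?P<hex>[0-9A-Fa-f]+)")

# NoDriveTypeAutoRun bit meanings: a set bit disables AutoRun for that drive type.
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "RESERVED",
}


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # assumed column order: read-only, hidden, system, directory ('-' = unset)
    kind: str       # 'C' = created section, 'M' = modified section
    company: str
    path: str


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    invalid_switches: List[str] = field(default_factory=list)
    ads: List[Tuple[int, str]] = field(default_factory=list)
    autorun_mask: Optional[int] = None


def parse_otl(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        # The custom-scan section echoes its input wrapped in "< ... >"; unwrap it.
        if line.startswith("<") and line.endswith(">"):
            line = line[1:-1].strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            rep.entries.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                                     m["kind"], m["company"] or "", m["path"]))
            continue
        m = INVALID_RE.match(line)
        if m:
            rep.invalid_switches.append(m["rest"])
            continue
        m = ADS_RE.match(line)
        if m:
            rep.ads.append((int(m["bytes"]), m["target"]))
            continue
        m = AUTORUN_RE.search(line)
        if m:
            rep.autorun_mask = int(m["hex"], 16)
    return rep


def hidden_or_system(rep: Report) -> List[Entry]:
    """Entries with the hidden or system attribute set (where a user 'cannot find' a file)."""
    return [e for e in rep.entries if "H" in e.attrs or "S" in e.attrs]


def zero_byte_clusters(rep: Report, min_count: int = 2) -> Dict[str, List[str]]:
    """Zero-byte files created in the same second in the same directory: a batch drop."""
    groups: Dict[str, List[str]] = {}
    for e in rep.entries:
        if e.size == 0 and e.kind == "C" and "D" not in e.attrs:
            directory = e.path.rsplit("\\", 1)[0]
            groups.setdefault(f"{e.timestamp} {directory}", []).append(e.path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def decode_autorun(mask: int) -> List[str]:
    """Drive types whose AutoRun is disabled by a NoDriveTypeAutoRun mask."""
    return [name for bit, name in sorted(AUTORUN_BITS.items()) if mask & bit]


def summarize(rep: Report) -> List[str]:
    out = [f"{len(rep.entries)} entries, {len(rep.invalid_switches)} rejected custom-scan lines"]
    for key, paths in zero_byte_clusters(rep).items():
        out.append(f"zero-byte batch at {key}: {len(paths)} files")
    for e in hidden_or_system(rep):
        out.append(f"attrs {e.attrs}: {e.path}")
    for size, target in rep.ads:
        out.append(f"ADS {size} bytes: {target}")
    if rep.autorun_mask is not None:
        out.append(f"AutoRun disabled for: {', '.join(decode_autorun(rep.autorun_mask))}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_otl(SAMPLE_LOG))))
```

Run it on a saved OTL.txt by reading the file into parse_otl instead of SAMPLE_LOG; the zero-byte cluster check is what surfaces the pc_*.dat / ph_*.dat drop in System32 without reading two hundred lines by hand, and 0x95 decodes to AutoRun being off for unknown, removable, and network drives (the XP default 0x91 plus the removable-drive bit).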

Offline All3n5790

  • Bronze Member
  • Posts: 81
OTL Extras logfile created on: 7/7/2011 1:11:00 PM - Run 6
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Documents and Settings\Allen Ganan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.44% Memory free
3.84 Gb Paging File | 3.20 Gb Available in Paging File | 83.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 75.90 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
 
Computer Name: ALLENSLAPTOP | User Name: Allen Ganan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"49045:TCP" = 49045:TCP:*:Enabled:SolidNetworkManager
"49045:UDP" = 49045:UDP:*:Enabled:SolidNetworkManager
"21530:TCP" = 21530:TCP:*:Disabled:SolidNetworkManager
"21530:UDP" = 21530:UDP:*:Disabled:SolidNetworkManager
"58713:TCP" = 58713:TCP:*:Enabled:Pando Media Booster
"58713:UDP" = 58713:UDP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60C1AF18-EA45-7488-5C95-4EC64F93B727}" = ViiKii Desktop Plug-in
"{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5790265-B654-4377-9EF0-085A6AB6FA8E}" = Plants Vs. Zombies
"{BB1BB276-62F2-4CE2-8CDA-D81F9260CD31}_is1" = DS Game Maker version 5.12
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Internet Security 2011
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitDefender" = BitDefender Internet Security 2011
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"FlashGet 3.3" = FlashGet 3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.2
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"Kingdom Hearts II" = Kingdom Hearts II ?????????
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"OpenSSH" = OpenSSH for Windows (remove only)
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"VLC media player" = VLC media player 1.0.3
"WBFS Manager 3.0" = WBFS Manager 3.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In
"KalydoPlayer" = Kalydo Player 3.08.01
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/30/2011 5:31:31 PM | Computer Name = ALLENSLAPTOP | Source = Update Server | ID = 131073
Description =
 
Error - 5/30/2011 5:53:29 PM | Computer Name = ALLENSLAPTOP | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 5/31/2011 12:49:58 AM | Computer Name = ALLENSLAPTOP | Source = Update Server | ID = 131073
Description =
 
Error - 5/31/2011 12:51:17 AM | Computer Name = ALLENSLAPTOP | Source = CardSpace 3.0.0.0 | ID = 327944
Description = A key which was used to decrypt the store was invalid
 
Error - 6/14/2011 3:15:54 AM | Computer Name = ALLENSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module urlmon.dll, version 8.0.6001.19048, fault address 0x00028d3c.
 
Error - 6/14/2011 7:00:59 PM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 . Error code = 0x800706be 
 
Error - 6/14/2011 7:01:09 PM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 . Error code = 0x800706be 
 
Error - 6/15/2011 3:30:50 AM | Computer Name = ALLENSLAPTOP | Source = MsiInstaller | ID = 11704
Description = Product: Adobe Reader 9.4.5 -- Error 1704.An installation for Microsoft
 .NET Framework 4 Client Profile is currently suspended.  You must undo the changes
 made by that installation to continue.  Do you want to undo those changes?
 
Error - 6/15/2011 6:57:43 AM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 6/15/2011 8:03:30 PM | Computer Name = ALLENSLAPTOP | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An
 installation for Microsoft .NET Framework 4 Client Profile is currently suspended.
  You must undo the changes made by that installation to continue.  Do you want
to undo those changes?
 
[ System Events ]
Error - 7/6/2011 2:57:29 PM | Computer Name = ALLENSLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 172.16.1.34,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 7/6/2011 5:15:00 PM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 7/6/2011 10:15:00 PM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 7/7/2011 2:30:29 AM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The BDFM service failed to start due to the following error:   %%1058
 
Error - 7/7/2011 2:30:29 AM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   bdfsfltr  bdrawpr
 
Error - 7/7/2011 2:30:33 AM | Computer Name = ALLENSLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 172.16.1.34,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 7/7/2011 3:15:02 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 7/7/2011 4:20:20 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments ""  in order to run the server:  {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
 
Error - 7/7/2011 8:15:14 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 7/7/2011 1:15:17 PM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
 
< End of report >

Offline All3n5790

  • Bronze Member
  • Posts: 81
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7038

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/7/2011 1:58:18 AM
mbam-log-2011-07-07 (01-58-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 239587
Time elapsed: 1 hour(s), 55 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=94bb388a89208646944cc76f065442ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-02 11:27:47
# local_time=2011-07-02 04:27:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92050
# found=3
# cleaned=3
# scan_time=41493
C:\Documents and Settings\Allen Ganan\Desktop\WBFS GUI Intelligent\wbfs_inteligent_gui_v6.exe   Win32/Packed.Autoit.E.Gen application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Allen Ganan\My Documents\Downloads\speedupmypc.exe   Win32/SpeedUpMyPC application (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{7083DC9F-D01C-4B07-99BB-A568EFA0D429}\RP188\A0098672.exe   Win32/Packed.Autoit.E.Gen application (deleted - quarantined)   00000000000000000000000000000000   C
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=94bb388a89208646944cc76f065442ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-07 08:05:49
# local_time=2011-07-07 01:05:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 185053 185053 0 0
# compatibility_mode=8192 67108863 100 0 391683 391683 0 0
# scanned=91802
# found=0
# cleaned=0
# scan_time=28113

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2149
Hi Allen

There is nothing sweet about humble pie.  I made an error in your last post and inadvertently placed a space where it should not have been.  Hence the files I wanted to delete did not get deleted.  Sorry for this extra effort for you.  Please run the following again.

1.   Double click on the OTL icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and to let it run uninterrupted.

2.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/08/16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95

:FILES

:Commands
 [REBOOT]



3.  Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two notepad windows.  OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

4. Run MBAM again.  Be sure to update the program and run a full system scan.

5.  Run ESET Online Scanner again.

6.  Be sure that ONLY the following items are checked:
   Remove found threats
   Scan for potentially unwanted applications
   Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish.  Do not click on the interface, download or install anything until the scan completes.  When the scan completes click Finish.

7.  Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner, and double-click on the log file.  Click File/Save As and name the file ESETLog.txt and save it to your desktop.


As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL.txt
Extras.txt
mbam-log-latest date
EsetLog.txt
Let me know how your computer is operating.
If you have any questions or problems, let me know that as well.


Offline All3n5790

  • Bronze Member
  • Posts: 81
OTL logfile created on: 7/8/2011 12:21:06 PM - Run 7
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Documents and Settings\Allen Ganan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.70% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.06 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
 
Computer Name: ALLENSLAPTOP | User Name: Allen Ganan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/07/07 21:45:25 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2011/07/07 21:45:18 | 001,118,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2011/07/07 21:44:31 | 001,198,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/12/09 20:08:18 | 000,413,016 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe
PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/12/22 01:48:32 | 002,127,408 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/04/19 13:19:12 | 000,277,504 | ---- | M] () -- C:\Program Files\OpenSSH\usr\sbin\sshd.exe
PRC - [2004/04/18 04:11:14 | 000,036,864 | ---- | M] () -- C:\Program Files\OpenSSH\bin\cygrunsrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/07/07 21:45:25 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/09 09:59:00 | 003,387,256 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2004/04/18 04:11:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/07 21:46:11 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/07/07 21:46:08 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2011/07/07 21:45:49 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2011/07/07 21:45:40 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/12 16:49:31 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/09 06:19:16 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/02/09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/10/03 12:57:00 | 000,086,867 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/04/06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: CSWebLauncher@cyberstep.com:1.0.0.10
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/07/07 22:30:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/07 20:22:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/03/12 16:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Extensions
[2011/06/29 12:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions
[2011/01/21 22:42:30 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2010/04/29 17:56:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 00:10:11 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/06/24 09:32:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/06/30 23:47:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/12 19:26:24 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/04/03 22:26:49 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}(2)
[2011/06/22 01:21:56 | 000,000,000 | ---D | M] ("CS Web Launcher") -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\CSWebLauncher@cyberstep.com
[2011/05/19 12:25:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\engine@conduit.com
[2010/03/19 21:43:10 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\illimitux@illimitux.net
[2010/11/25 23:57:21 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\LogMeInClient@logmein.com
[2011/05/01 00:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Allen Ganan\Application Data\Mozilla\Firefox\Profiles\dwkjdl6c.default\extensions\nostmp
[2011/07/07 20:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLEN GANAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DWKJDL6C.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLEN GANAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DWKJDL6C.DEFAULT\EXTENSIONS\{6E73F6B7-B9AB-44B8-B744-6393E3C2E351}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALLEN GANAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DWKJDL6C.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2009/08/31 20:02:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/07/05 22:57:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe (Trend Media Corporation Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/06 14:42:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/07/08 11:50:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/07/07 21:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 2010
[2011/07/07 21:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/07/07 21:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Application Data\BitDefender
[2011/07/07 21:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/07/07 20:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\AppData
[2011/07/07 20:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2011/07/07 20:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/07 17:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\PICS
[2011/07/06 23:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Aris
[2011/07/06 23:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\registry backup
[2011/07/06 23:12:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/06 23:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Allen Ganan\Recent
[2011/07/05 22:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/05 09:13:24 | 004,131,692 | R--- | C] (Swearware) -- C:\Documents and Settings\Allen Ganan\Desktop\ComboFix.exe
[2011/07/03 00:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Iphone stuff
[2011/07/02 23:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Stuff
[2011/07/02 18:51:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
[2011/07/01 16:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/01 16:26:02 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Allen Ganan\Desktop\esetsmartinstaller_enu.exe
[2011/06/29 10:27:14 | 000,000,000 | ---D | C] -- C:\devkitPro
[2011/06/29 10:26:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\WINDOWS\System32\ScintillaNet.dll
[2011/06/29 10:26:45 | 000,560,128 | ---- | C] (ScintillaNet Team) -- C:\WINDOWS\ScintillaNet.dll
[2011/06/29 10:26:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\WINDOWS\System32\SciLexer.dll
[2011/06/29 10:26:45 | 000,408,576 | ---- | C] (Neil Hodgson neilh@scintilla.org) -- C:\WINDOWS\SciLexer.dll
[2011/06/29 10:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\DS Game Maker
[2011/06/28 19:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\New Folder
[2011/06/25 20:54:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/25 20:00:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/25 20:00:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/25 20:00:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/25 20:00:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/25 19:59:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/25 19:58:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/25 00:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Application Data\Malwarebytes
[2011/06/25 00:38:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 00:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 00:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 00:38:19 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 00:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/24 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/24 09:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Start Menu\Programs\HiJackThis
[2011/06/15 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoft
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2011/06/15 11:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1
[2011/06/14 14:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Allen Ganan\Desktop\Jake hamilton - Freedom Calling
[2011/06/14 13:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/12 00:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/11 23:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/11 15:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSH for Windows
[2011/06/11 15:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSSH
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/08 12:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 11:50:44 | 000,000,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/07/08 11:50:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 11:50:34 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/07/08 11:49:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/08 11:49:55 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 08:02:41 | 000,004,428 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011/07/08 00:01:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2011/07/08 00:01:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2011/07/07 22:32:19 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Application Dataprivacy.xml
[2011/07/07 21:59:52 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2011/07/07 21:46:08 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2011/07/07 21:05:09 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2011/07/07 20:22:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/07 20:22:53 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/07 18:28:11 | 000,605,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/07/07 17:20:51 | 000,028,433 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2011/07/06 20:32:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/05 22:57:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/05 14:37:51 | 004,131,692 | R--- | M] (Swearware) -- C:\Documents and Settings\Allen Ganan\Desktop\ComboFix.exe
[2011/07/02 18:51:18 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Allen Ganan\Desktop\OTL.exe
[2011/07/01 16:26:02 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Allen Ganan\Desktop\esetsmartinstaller_enu.exe
[2011/07/01 11:54:54 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\HiJackThis.lnk
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm
[2011/06/29 11:17:55 | 008,621,734 | ---- | M] () -- C:\Hit Me Reborn.nds
[2011/06/29 11:06:55 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\My Documents\untitled.PNG
[2011/06/29 10:50:19 | 000,000,229 | ---- | M] () -- C:\Sprite_Edit.PNG
[2011/06/29 00:17:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 20:54:09 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/25 00:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/22 00:58:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 00:41:43 | 000,503,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 00:41:43 | 000,087,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 14:13:16 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/15 13:51:00 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free YouTube to MP3 Converter.lnk
[2011/06/15 13:51:00 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free Audio CD Burner.lnk
[2011/06/15 00:35:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/12 00:06:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/11 15:21:38 | 002,438,830 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Desktop\setupssh.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 

========== Files Created - No Company Name ==========
 
[2011/07/08 08:00:58 | 2138,505,216 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/08 00:01:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2011/07/08 00:01:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2011/07/07 21:05:09 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2011/07/07 20:22:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/07 20:22:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/07 20:22:53 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/29 12:19:11 | 008,619,663 | ---- | C] () -- C:\Scorerererererer.dsgm
[2011/06/29 11:17:43 | 008,621,734 | ---- | C] () -- C:\Hit Me Reborn.nds
[2011/06/29 11:06:54 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\My Documents\untitled.PNG
[2011/06/29 10:50:18 | 000,000,229 | ---- | C] () -- C:\Sprite_Edit.PNG
[2011/06/25 20:54:09 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/25 20:54:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/25 20:00:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/25 20:00:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/25 20:00:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/25 20:00:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/25 20:00:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/25 00:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 09:53:36 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\HiJackThis.lnk
[2011/06/15 13:51:00 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free YouTube to MP3 Converter.lnk
[2011/06/15 13:51:00 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\Free Audio CD Burner.lnk
[2011/06/12 00:06:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/11 15:21:09 | 002,438,830 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Desktop\setupssh.exe
[2010/12/27 01:16:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Application Data\winscp.rnd
[2010/12/21 22:43:48 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/12/21 22:43:47 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/10/11 20:56:36 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/18 00:52:30 | 000,605,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/08/16 15:27:56 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Application Data\bdfvconp.ini
[2010/06/23 03:20:00 | 000,268,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/12 16:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/12/19 11:09:08 | 000,056,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 16:02:37 | 000,004,876 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/12 16:49:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/10/23 21:33:02 | 000,004,428 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2009/10/13 21:05:17 | 000,028,433 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2009/10/13 20:15:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 12:17:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/08/07 07:31:33 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/08/06 18:26:56 | 000,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/08/06 18:26:52 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/08/06 18:13:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/08/06 18:08:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/06 17:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/08/06 17:51:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/08/06 15:41:38 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/08/06 15:16:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/06 15:05:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/06 14:54:16 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\fusioncache.dat
[2009/08/06 14:46:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/06 14:38:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/06 07:29:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/06 07:27:50 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/06 11:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 21:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,503,240 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,087,158 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
 
========== LOP Check ==========
 
[2009/08/06 18:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/13 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/07/07 21:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/27 15:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/08/06 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/11/24 17:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/15 22:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/10 08:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/12/10 08:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/10/11 17:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/11/25 19:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2011/06/03 11:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/12 14:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/16 16:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/06 18:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\acccore
[2011/07/06 23:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Auslogics
[2011/07/07 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BitDefender
[2011/07/08 11:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BITS
[2010/12/22 10:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\BugTrap Console Test108
[2009/11/27 15:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DassaultSystemes
[2011/06/15 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoft
[2011/06/15 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\DVDVideoSoftIEHelpers
[2010/06/25 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Facebook
[2010/04/02 15:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FlashGet
[2010/04/12 15:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FlashGetBHO
[2010/08/21 13:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\FOG Downloader
[2009/10/13 20:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Free Download Manager
[2011/03/11 12:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\GetRightToGo
[2010/11/24 17:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\IObit
[2011/01/12 17:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Kalydo
[2010/01/05 07:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\mjusbsp
[2010/05/06 20:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Octoshape
[2010/10/26 09:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\OpenCandy
[2010/09/18 06:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\QuickScan
[2010/11/25 19:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Sling Media
[2010/09/17 23:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Uniblue
[2011/07/03 18:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\uTorrent
[2010/07/30 14:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2009/10/23 06:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Windows Desktop Search
[2009/10/23 06:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Windows Search
[2009/11/17 21:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Allen Ganan\Application Data\Wizards of the Coast
[2011/07/08 11:50:34 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) >
 
< [2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf >
Invalid Switch: 15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf

 
< [2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1 >
Invalid Switch: 14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1

 
< [2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
< [2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm >
Invalid Switch: 29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm

 
< [2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d >
Invalid Switch: 02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d

 
< [2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
< [2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat >
Invalid Switch: 16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat

 
< [2010/08/16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat >
Invalid Switch: 16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat

 
< [2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat >
Invalid Switch: 16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat

 
< [2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그 [2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그 >
Invalid Switch: 10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그

 
< [2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污 >
Invalid Switch: 18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污

 
< @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B >
 
< @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613   >
 
< O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95 >
 
<  >
 
< :FILES >
 
<  >
 
< :Commands >
 
<  [REBOOT] >
 
========== Files - Unicode (All) ==========
[2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\?? ???) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\?? ???) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\?????) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

< End of report >
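A small triage helper for the OTL file-listing and alternate-data-stream lines in logs like the one above, added here as an example; it is not code from the original post, from the helper's instructions, or from OTL itself. It parses the `[date time | size | attrs | C/M] () -- path` entries and the `@Alternate Data Stream` lines, then applies review heuristics a malware-removal helper applies by eye: zero-byte `.dat` files in System32 that share one creation second, hidden+system files inside a user profile, hex-named directories at the drive root (commonly installer or update extraction leftovers, so a prompt to look rather than a verdict), file names that are really ANSI bytes displayed as wide characters, and any alternate data streams. The sample log is constructed to mirror the post's format with an illustrative user name; lines in the custom-scan section that begin with `<` or `Invalid Switch:` do not match the entry pattern and are ignored.

```python
"""Triage helper for OTL log lines (added example, not part of the original post or of OTL).
Parses "[date time | size | attrs | C|M] () -- path" entries and "@Alternate Data Stream"
lines, then applies review heuristics.  SAMPLE_LOG is constructed in the post's format."""
import re
from collections import defaultdict
from dataclasses import dataclass

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]\s*(?:\([^)]*\)\s*)*-- (?P<path>.*?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*?)\s*$")
HEX_ROOT_DIR_RE = re.compile(r"^[A-Za-z]:\\[0-9a-f]{16,}$")  # e.g. C:\f9b94106da904dde15cf


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str   # four flags, e.g. "---D" (directory), "-HS-" (hidden + system)
    kind: str    # C = listed by creation date, M = listed by modification date
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text):
    """Return (file entries, [(path, bytes)] for ADS lines); other lines are ignored."""
    entries, streams = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["path"]))
            continue
        m = ADS_RE.match(line.strip())
        if m:
            streams.append((m["path"], int(m["size"])))
    return entries, streams


def reinterpret_wide(name):
    """If every character of NAME is a CJK ideograph, re-read its UTF-16LE bytes as ASCII.
    A readable result means a narrow (ANSI) byte string was handed to a wide-string API
    when the file was written: a hint worth checking, not proof of anything."""
    if not name or not all(0x4E00 <= ord(c) <= 0x9FFF for c in name):
        return None
    raw = name.encode("utf-16-le")
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None


def triage(text, min_cluster=3):
    """Return (kind, timestamp, [details]) findings; every kind is a review prompt."""
    entries, streams = parse_entries(text)
    findings = []
    # Zero-byte .dat files in System32 sharing one creation second were dropped
    # together, so they should be reviewed (and, if warranted, removed) as a set.
    clusters = defaultdict(list)
    for e in entries:
        low = e.path.lower()
        if (e.kind == "C" and not e.is_dir and e.size == 0
                and "\\system32\\" in low and low.endswith(".dat")):
            clusters[e.ts].append(e.path)
    findings += [("dat_cluster", ts, sorted(p)) for ts, p in clusters.items()
                 if len(p) >= min_cluster]
    for e in entries:
        low = e.path.lower()
        # Hidden+System files inside a user profile: legitimate software rarely does this.
        if not e.is_dir and "H" in e.attrs and "S" in e.attrs and "\\documents and settings\\" in low:
            findings.append(("hidden_system_in_profile", e.ts, [e.path]))
        # Hex-named root directories are usually installer/update extraction leftovers.
        if e.is_dir and HEX_ROOT_DIR_RE.match(e.path):
            findings.append(("hex_root_dir", e.ts, [e.path]))
        ascii_name = reinterpret_wide(e.path.rsplit("\\", 1)[-1])
        if ascii_name:
            findings.append(("mojibake_name", e.ts, [f"{e.path} -> {ascii_name!r}"]))
    # Alternate data streams hide content from a plain directory listing; list them all.
    findings += [("ads", "", [f"{path} ({size} bytes)"]) for path, size in streams]
    return findings


# Constructed sample in the post's format.  WIDE_NAME is the code-point form of the
# ideograph-only file name shown in the log's "Files - Unicode" section.
WIDE_NAME = "".join(chr(c) for c in (0x7377, 0x696C, 0x6C62, 0x636F, 0x6C61))
SAMPLE_LOG = f"""
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\ph_white.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\pc_im.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\pc_news.dat
[2004/08/10 04:00:00 | 000,000,741 | ---- | C] () -- C:\\WINDOWS\\System32\\noise.dat
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\\Documents and Settings\\User\\Local Settings\\Application Data\\0Mp8n7BDj1d
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\\f9b94106da904dde15cf
[2009/08/06 18:13:32 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\All Users\\Application Data\\acccore
[2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\\Documents and Settings\\User\\My Documents\\?? ???) -- C:\\Documents and Settings\\User\\My Documents\\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\\Documents and Settings\\User\\?????) -- C:\\Documents and Settings\\User\\{WIDE_NAME}
@Alternate Data Stream - 119 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:07BF512B
"""

if __name__ == "__main__":
    for kind, ts, details in triage(SAMPLE_LOG):
        print(f"{kind:26} {ts:19} {'; '.join(details)}")
```

Run it as a script to print the findings for the constructed sample, or pass a saved OTL.txt through `triage()`. The Korean directory name is left alone because Hangul is outside the ideograph range the check looks at, while the five-ideograph name decodes to plain ASCII, which is the pattern worth a second look; none of the five finding kinds is a verdict on its own.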

Offline All3n5790

  • Bronze Member
  • Posts: 81
OTL Extras logfile created on: 7/8/2011 12:21:06 PM - Run 7
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Documents and Settings\Allen Ganan\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.70% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.06 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
 
Computer Name: ALLENSLAPTOP | User Name: Allen Ganan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"49045:TCP" = 49045:TCP:*:Enabled:SolidNetworkManager
"49045:UDP" = 49045:UDP:*:Enabled:SolidNetworkManager
"21530:TCP" = 21530:TCP:*:Disabled:SolidNetworkManager
"21530:UDP" = 21530:UDP:*:Disabled:SolidNetworkManager
"58713:TCP" = 58713:TCP:*:Enabled:Pando Media Booster
"58713:UDP" = 58713:UDP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60C1AF18-EA45-7488-5C95-4EC64F93B727}" = ViiKii Desktop Plug-in
"{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5790265-B654-4377-9EF0-085A6AB6FA8E}" = Plants Vs. Zombies
"{BB1BB276-62F2-4CE2-8CDA-D81F9260CD31}_is1" = DS Game Maker version 5.12
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"FlashGet 3.3" = FlashGet 3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.2
"Free Studio_is1" = Free Studio version 5.0.10
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"Kingdom Hearts II" = Kingdom Hearts II ?????????
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenSSH" = OpenSSH for Windows (remove only)
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"VLC media player" = VLC media player 1.0.3
"WBFS Manager 3.0" = WBFS Manager 3.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In
"KalydoPlayer" = Kalydo Player 3.08.01
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/30/2011 5:31:31 PM | Computer Name = ALLENSLAPTOP | Source = Update Server | ID = 131073
Description =
 
Error - 5/30/2011 5:53:29 PM | Computer Name = ALLENSLAPTOP | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 5/31/2011 12:49:58 AM | Computer Name = ALLENSLAPTOP | Source = Update Server | ID = 131073
Description =
 
Error - 5/31/2011 12:51:17 AM | Computer Name = ALLENSLAPTOP | Source = CardSpace 3.0.0.0 | ID = 327944
Description = A key which was used to decrypt the store was invalid
 
Error - 6/14/2011 3:15:54 AM | Computer Name = ALLENSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module urlmon.dll, version 8.0.6001.19048, fault address 0x00028d3c.
 
Error - 6/14/2011 7:00:59 PM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 . Error code = 0x800706be 
 
Error - 6/14/2011 7:01:09 PM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)
 - 1>Failed to compile: System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 . Error code = 0x800706be 
 
Error - 6/15/2011 3:30:50 AM | Computer Name = ALLENSLAPTOP | Source = MsiInstaller | ID = 11704
Description = Product: Adobe Reader 9.4.5 -- Error 1704.An installation for Microsoft
 .NET Framework 4 Client Profile is currently suspended.  You must undo the changes
 made by that installation to continue.  Do you want to undo those changes?
 
Error - 6/15/2011 6:57:43 AM | Computer Name = ALLENSLAPTOP | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 6/15/2011 8:03:30 PM | Computer Name = ALLENSLAPTOP | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1704.An
 installation for Microsoft .NET Framework 4 Client Profile is currently suspended.
  You must undo the changes made by that installation to continue.  Do you want
to undo those changes?
 
[ System Events ]
Error - 7/8/2011 10:56:07 AM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
 failed to start because of the following error:   %%31
 
Error - 7/8/2011 10:56:07 AM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  APPDRV  bdfsfltr  bdftdif  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  OMCI  RasAcd  Rdbss  Tcpip
Tosrfcom
 
Error - 7/8/2011 10:56:10 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 7/8/2011 11:00:00 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 7/8/2011 11:02:30 AM | Computer Name = ALLENSLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 172.16.1.34,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 7/8/2011 11:15:03 AM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate1cacd5d9246d54c
 with arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 7/8/2011 2:50:44 PM | Computer Name = ALLENSLAPTOP | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 172.16.1.34,  since
 the IP address is outside the 192.168.0.0/255.255.255.0 scope  from which addresses
 are being allocated to DHCP clients.  To enable the DHCP allocator on this IP address,
please
 change the scope to include the IP address,  or change the IP address to fall within
 the scope.
 
Error - 7/8/2011 2:51:43 PM | Computer Name = ALLENSLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
 with arguments ""  in order to run the server:  {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 7/8/2011 2:51:45 PM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.
 
Error - 7/8/2011 2:51:45 PM | Computer Name = ALLENSLAPTOP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
   %%1053
 
 
< End of report >

Offline All3n5790

  • Bronze Member
  • Posts: 81
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7050

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2011 1:20:18 PM
mbam-log-2011-07-08 (13-20-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 236517
Time elapsed: 43 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=94bb388a89208646944cc76f065442ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-02 11:27:47
# local_time=2011-07-02 04:27:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=92050
# found=3
# cleaned=3
# scan_time=41493
C:\Documents and Settings\Allen Ganan\Desktop\WBFS GUI Intelligent\wbfs_inteligent_gui_v6.exe   Win32/Packed.Autoit.E.Gen application (deleted - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Allen Ganan\My Documents\Downloads\speedupmypc.exe   Win32/SpeedUpMyPC application (deleted - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{7083DC9F-D01C-4B07-99BB-A568EFA0D429}\RP188\A0098672.exe   Win32/Packed.Autoit.E.Gen application (deleted - quarantined)   00000000000000000000000000000000   C
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=94bb388a89208646944cc76f065442ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-07 08:05:49
# local_time=2011-07-07 01:05:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 185053 185053 0 0
# compatibility_mode=8192 67108863 100 0 391683 391683 0 0
# scanned=91802
# found=0
# cleaned=0
# scan_time=28113
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=94bb388a89208646944cc76f065442ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-08 10:03:27
# local_time=2011-07-08 03:03:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 300621 300621 0 0
# compatibility_mode=8192 67108863 100 0 507251 507251 0 0
# scanned=88700
# found=0
# cleaned=0
# scan_time=5974

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2149
Hi Allen

Well once again OTL did not delete the files.  This has not happened before and after some research I found the program had made some changes.  OTL no longer recognizes the delete function in scan mode.  So there is a small extra step involved.  So once more please.

1.   Double click on the OTL icon to run it (Vista and Windows 7 users right click and select Run as Administrator). Make sure all other windows are closed and let it run uninterrupted.

2.  In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".  On the upper right be sure Use Company-Name WhiteList and Skip Microsoft Files are checked.  Copy the code in the code box below and paste it into the Custom Scan box.

Code:
:OTL
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2011/06/14 15:17:21 | 000,000,000 | ---D | C] -- C:\e0cb71dea09786d2c1
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 12:19:11 | 008,619,663 | ---- | M] () -- C:\Scorerererererer.dsgm
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\0Mp8n7BDj1d
[2009/08/14 17:35:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Allen Ganan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/08/16 23:19:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/12/10 08:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/12/10 08:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Allen Ganan\My Documents\??  ) -- C:\Documents and Settings\Allen Ganan\My Documents\넥슨 플러그
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Allen Ganan\ ??) -- C:\Documents and Settings\Allen Ganan\獷楬汢捯污
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = hex(7):0x95

:FILES

:Commands
 [REBOOT]



3.  Click on the Run Fix button.  The fix log is saved on your C: drive under OTL\Moved Files as date-some number.log.  Reboot your PC.

4.  Now click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.  When the scan completes, it will open two notepad windows.  OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

5. Run MBAM again.  Be sure to update the program and run a full system scan.

6.  Run ESET Online Scanner again.

7.  Be sure that ONLY the following items are checked:
   Remove found threats
   Scan for potentially unwanted applications
   Enable Anti-Stealth technology

Click Start.

It may take some time for the virus definitions to download and the scan to finish.  Do not click on the interface, download or install anything until the scan completes.  When the scan completes click Finish.

8.  Navigate to the following file path, C:\Program Files\ESET\ESET Online Scanner and Double-click on the log file.  Click File/Save As and name the file ESETLog.txt and save it to your desktop.


As always please check to be sure Word Wrap is NOT turned on in any Notepad files you post and please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
OTL Fix Log
OTL.txt
Extras.txt
mbam-log-latest date
EsetLog.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well


Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte
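The OTL fix script in the post above lists each file as `[date time | size | attribute flags | C/M] (company) -- path`. As an added example, not part of this thread and not code from the OTL tool, here is a small Python parser for that line format with a few defender-side triage heuristics drawn from what the helper chose to remove: hidden+system files, zero-byte or vendor-less files in System32, hex-named directories at the drive root, and non-ASCII names. The sample log is constructed, modeled on the entries in the post with a generic user name; the flags are prompts for a human review, not verdicts.

```python
"""Parse OTL-style file-listing lines and apply simple triage heuristics (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# One OTL entry: [date time | size | attrs | C|M] (company) -- path
# attrs is four flags: R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
# OTL may print an extra "(short path ??)" group before " -- " for odd file names.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?(?:\s*\([^)]*\))*\s*--\s*(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # 'C' = created, 'M' = modified (OTL's last column)
    company: str     # vendor text inside the parentheses, '' when empty or absent
    path: str
    flags: List[str] = field(default_factory=list)


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for any other OTL line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    company = (m["company"] or "").strip()
    # For odd names OTL echoes a path hint in parentheses rather than a vendor name.
    if re.match(r"^[A-Za-z]:\\", company):
        company = ""
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=company,
        path=m["path"],
    )


def triage(entry: OtlEntry) -> List[str]:
    """Return the heuristic reasons this entry deserves a second look (may be empty)."""
    reasons: List[str] = []
    lower = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    is_dir = "D" in entry.attrs
    if "H" in entry.attrs and "S" in entry.attrs and not is_dir:
        reasons.append("hidden+system file")
    if lower.startswith(SYSTEM32) and not is_dir:
        if entry.size == 0:
            reasons.append("zero-byte file in System32")
        if not entry.company:
            reasons.append("no company name in System32")
    # Hex-named folders at the drive root are often installer leftovers, but worth a look.
    if is_dir and re.fullmatch(r"c:\\[0-9a-f]{16,}", lower):
        reasons.append("hex-named directory at drive root")
    # Non-ASCII names are not malicious in themselves (localized software uses them);
    # the flag only asks the analyst to confirm the owner of the file.
    if any(ord(ch) > 127 or ord(ch) < 32 for ch in name):
        reasons.append("non-ASCII or control characters in name")
    return reasons


def triage_report(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every OTL entry in text and return (path, reasons) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue  # section headers, O7/O15 lines, :Commands, blank lines
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Constructed sample, modeled on the entries in the post (generic user name).
SAMPLE_LOG = r"""
[2011/06/15 11:47:51 | 000,000,000 | ---D | C] -- C:\f9b94106da904dde15cf
[2010/03/02 02:24:48 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\0Mp8n7BDj1d
[2010/08/16 15:40:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/08/16 23:19:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2011/07/01 08:50:38 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\settings.ini
[2010/09/18 08:00:16 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\User\ ??) -- C:\Documents and Settings\User\獷楬汢捯污
"""

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LOG):
        print(f"{path}\n    {'; '.join(reasons)}")
```

Feed the script a saved OTL.txt (or the fix-script block itself) instead of `SAMPLE_LOG` to get a short review list; lines that are not file entries are skipped, so the O7/O15 and `:Commands` lines do no harm.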