Painfully slow Computer

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Re: Painfully slow Computer26th November 2010, 12:46 am

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Painfully slow Computer - Page 1 DXwU4

Re: Painfully slow Computer26th November 2010, 10:00 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5190

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26/11/2010 09:50:26
mbam-log-2010-11-26 (09-50-26).txt

Scan type: Quick scan
Objects scanned: 139791
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Painfully slow Computer27th November 2010, 1:16 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Painfully slow Computer27th November 2010, 12:35 pm

Hi Combo fix didn't run either. I left it for just over two hours, it didn't appear to make any process sa I last remember when I last used it.
My whole system froze, so I had to reboot.

Upon this, I got the system has recovered from a serious error message, I took a screenshot of the details of this, should I upload it?

Regards

Re: Painfully slow Computer28th November 2010, 12:47 am

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

Please Download Rkill.com. Save it to your Desktop.
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try Combofix now.

Re: Painfully slow Computer28th November 2010, 10:25 am

Hi

I have no problems running rkill, but afterwards when running Combo-fix, my computer still freezes, but this time it just goes to a black screen. I thought it maybe my blank screensaver thta could be disrupting it, but the same results occured even when I turned it off... Sigh..!

Regards

Re: Painfully slow Computer29th November 2010, 12:33 am

Hello.

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

Re: Painfully slow Computer29th November 2010, 1:02 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7D6F000 \WINDOWS\system32\KDCOM.DLL
0xF7C7F000 \WINDOWS\system32\BOOTVID.dll
0xF7820000 ACPI.sys
0xF7D71000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF780F000 pci.sys
0xF786F000 isapnp.sys
0xF7C83000 compbatt.sys
0xF7C87000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7E37000 pciide.sys
0xF7AEF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7D73000 intelide.sys
0xF77F1000 pcmcia.sys
0xF787F000 MountMgr.sys
0xF77D2000 ftdisk.sys
0xF7AF7000 PartMgr.sys
0xF788F000 VolSnap.sys
0xF77BA000 atapi.sys
0xF789F000 disk.sys
0xF78AF000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF779A000 fltmgr.sys
0xF7788000 sr.sys
0xF776B000 eBoost.sys
0xF78BF000 PxHelp20.sys
0xF774D000 TPkd.sys
0xF7736000 KSecDD.sys
0xF76A9000 Ntfs.sys
0xF767C000 NDIS.sys
0xF7662000 Mup.sys
0xF78CF000 agp440.sys
0xF79FF000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7CFF000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF6E91000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6E7D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C6F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF6E59000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7C77000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF6E2E000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF6E16000 \SystemRoot\system32\DRIVERS\ozscr.sys
0xF7D03000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xF7A0F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF6DFF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7B0F000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF6DE4000 \SystemRoot\System32\drivers\keyscrambler.sys
0xF7B17000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7A1F000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7D0B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6DD0000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7A2F000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7A3F000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7A4F000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6DAD000 \SystemRoot\System32\DRIVERS\ks.sys
0xF6D6C000 \SystemRoot\system32\drivers\STAC97.sys
0xF6D48000 \SystemRoot\system32\drivers\portcls.sys
0xF7A5F000 \SystemRoot\system32\drivers\drmk.sys
0xF6D19000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6C15000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6B7A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7B1F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A6F000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0xF7A9F000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
0xF7FB9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7ACF000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7D17000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6B63000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF78FF000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF790F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7B2F000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6B52000 \SystemRoot\System32\DRIVERS\psched.sys
0xF791F000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7B9F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7BA7000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF6A82000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF796F000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF6A65000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xF6A4D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF7E09000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF69EF000 \SystemRoot\System32\DRIVERS\update.sys
0xF7083000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7BAF000 \SystemRoot\system32\DRIVERS\omci.sys
0xF797F000 \SystemRoot\system32\DRIVERS\cledx.sys
0xF798F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79BF000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7E0D000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7E1F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7EEC000 \SystemRoot\System32\Drivers\Null.SYS
0xF4940000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0xF7BCF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7BD7000 \SystemRoot\System32\drivers\vga.sys
0xF7E23000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7E25000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7BDF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7BE7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF762D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF490D000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF48B4000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF48A2000 \SystemRoot\system32\DRIVERS\epfwtdi.sys
0xF487C000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF4854000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4832000 \SystemRoot\System32\drivers\afd.sys
0xF79EF000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7BEF000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xF7A8F000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xF47C0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF7BF7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF4795000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF496B000 \SystemRoot\system32\ckldrv.sys
0xF46FD000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7AAF000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7ADF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF78EF000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF482E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF6B42000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7BFF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF482A000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF4822000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF461D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7E2D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4812000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7C0F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7F67000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF08E000 \SystemRoot\System32\atikvmag.dll
0xBF0C4000 \SystemRoot\System32\ati3duag.dll
0xBF32B000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF245E000 \SystemRoot\system32\DRIVERS\eamon.sys
0xF2619000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xF2421000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xF23FF000 \SystemRoot\system32\DRIVERS\epfw.sys
0xF2452000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF7C4F000 \SystemRoot\system32\drivers\fsnet.sys
0xF7DB1000 \SystemRoot\system32\drivers\NDISDLL.SYS
0xF2399000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF25E5000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xF244E000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF7DDD000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF20D8000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7B47000 \??\C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\New Folder\TizerBruteForceEx.sys
0xF1FB8000 \SystemRoot\System32\DRIVERS\srv.sys
0xF2169000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF46DD000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF1E63000 \SystemRoot\system32\drivers\wdmaud.sys
0xF25A5000 \SystemRoot\system32\drivers\sysaudio.sys
0xF1B4F000 \??\C:\Program Files\Sandboxie\SbieDrv.sys
0xF7C67000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xF7B27000 \SystemRoot\System32\DRIVERS\nwlnkfwd.sys
0xF7E6E000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0xF169B000 \SystemRoot\System32\DRIVERS\nwlnkflt.sys
0xF18AF000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xF7DF5000 \??\C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS
0xF1002000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
1232 csrss.exe
1300 C:\WINDOWS\system32\winlogon.exe
1392 C:\WINDOWS\system32\services.exe
1404 C:\WINDOWS\system32\lsass.exe
1620 C:\Program Files\USB Safely Remove\USBSRService.exe
1672 C:\WINDOWS\system32\svchost.exe
1780 svchost.exe
1904 C:\WINDOWS\system32\svchost.exe
1992 svchost.exe
192 C:\WINDOWS\system32\svchost.exe
552 C:\WINDOWS\system32\svchost.exe
864 C:\WINDOWS\system32\svchost.exe
904 C:\WINDOWS\system32\spoolsv.exe
976 svchost.exe
1000 C:\WINDOWS\system32\dllhost.exe
1048 C:\WINDOWS\system32\Crypserv.exe
1096 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
1200 C:\Program Files\Java\jre6\bin\jqs.exe
1256 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
664 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1496 C:\WINDOWS\system32\netdde.exe
1744 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
296 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
572 C:\WINDOWS\system32\NLSSRV32.EXE
1708 C:\Program Files\Sandboxie\SbieSvc.exe
1864 svchost.exe
2080 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2124 C:\Program Files\ESET\ESET Smart Security\egui.exe
2140 C:\WINDOWS\system32\svchost.exe
2160 C:\Program Files\Freecorder\FLVSrvc.exe
2256 C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
2312 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
2472 wdfmgr.exe
2856 C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
3032 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
2772 alg.exe
3156 C:\WINDOWS\explorer.exe
1888 C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
4076 C:\Program Files\Mozilla Firefox\firefox.exe
2700 C:\Program Files\Mozilla Firefox\plugin-container.exe
3116 wmiprvse.exe
3912 C:\Documents and Settings\Voodoo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060AH, Rev: 000000A0

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Re: Painfully slow Computer29th November 2010, 10:39 pm

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

Place a blank CD-R disc in to your CD burning drive.
Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
- Change Drivers to Non-Microsoft
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\_OTL\MovedFiles
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.

Re: Painfully slow Computer29th November 2010, 11:05 pm

OTL logfile created on: 11/29/2010 11:35:14 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 828.00 Mb Available Physical Memory | 81.00% Memory free
907.00 Mb Paging File | 852.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 11.71 Gb Free Space | 20.95% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor)
SRV - File not found [Auto] -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Auto] -- C:\Combo-Fix18819C\PEV.cfx -- (PEVSystemStart)
SRV - File not found [On_Demand] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2010/10/27 13:23:16 | 001,483,072 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 13:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/30 20:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/30 20:52:40 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/06/24 04:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 04:27:12 | 000,810,144 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/05/04 06:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/29 09:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/17 05:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/01/28 19:43:12 | 000,634,488 | ---- | M] (eBoostr.com) [Disabled] -- C:\Program Files\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC)
SRV - [2009/11/26 02:59:56 | 000,261,456 | ---- | M] () [Auto] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2009/07/17 06:10:18 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/07/17 06:10:16 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [Disabled] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/03/13 08:13:12 | 000,513,536 | ---- | M] (Hagel Technologies Ltd.) [Disabled] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2008/10/20 16:18:26 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/01/08 11:08:10 | 000,094,208 | ---- | M] () [Disabled] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2005/07/18 13:27:42 | 000,069,632 | ---- | M] (FarStone Technology Inc.) [Disabled] -- C:\Program Files\Farstone\HackerSmacker\FWCOM.exe -- (FWCOM)
SRV - [2003/11/26 16:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Voodoo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\Voodoo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = www.google.com
IE - HKU\Voodoo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 07:26:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 07:26:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/11/21 19:00:44 | 000,000,000 | ---D | M]

[2010/11/28 12:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/26 18:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 19:49:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/14 06:50:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/14 22:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/06 18:09:52 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/19 15:15:22 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/10/21 08:25:38 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/21 08:25:39 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/21 08:25:39 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/21 08:25:39 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/06 16:39:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (HookIe Class) - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.dll (FarStone Technology Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\Voodoo_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Voodoo_ON_C..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\Voodoo_ON_C..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKU\Voodoo_ON_C..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Documents and Settings\Voodoo\Start Menu\Programs\Startup\Malwarebytes' Anti-Malware.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Voodoo\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Voodoo_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Voodoo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Voodoo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Voodoo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/13 07:05:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 07:37:17 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 17:55:23 | 098,217,771 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Voodoo\Desktop\OTLPEStd.exe
[2010/11/29 05:35:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Nitro PDF
[2010/11/27 23:18:25 | 000,000,000 | --SD | C] -- C:\Combo-Fix18819C
[2010/11/27 06:46:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/27 06:46:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/27 06:46:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/27 06:46:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/26 10:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Local Settings\Application Data\PC_Drivers_Headquarters
[2010/11/26 10:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/11/24 18:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/24 18:10:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/23 07:44:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Voodoo\Recent
[2010/11/23 07:44:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/20 09:36:00 | 000,000,000 | ---D | C] -- C:\Music Label Databases
[2010/11/20 09:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\Music Label
[2010/11/20 09:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\My Documents\Music Label Reports
[2010/11/20 09:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Music Label 2011
[2010/11/12 11:38:58 | 000,000,000 | ---D | C] -- C:\sd card formatter
[2010/11/10 06:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\ESET
[2010/11/10 06:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/10 05:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\ESET
[2010/11/07 16:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\AccurateRip
[2010/11/07 16:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010/11/07 13:40:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2010/11/07 13:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/11/05 09:26:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2010/11/05 09:26:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2010/11/05 08:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\ProgSense
[2010/11/05 08:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/04 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2010/11/04 21:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\My Documents\My PSP Files
[2010/11/04 21:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\Jasc Software Inc
[2010/11/04 18:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/11/04 07:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\My Documents\SightSpeed Recordings
[2010/11/04 06:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
[2010/11/04 06:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\DU Meter
[2010/11/04 06:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Local Settings\Application Data\LogiShrd
[2010/11/04 06:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\Leadertech
[2010/11/04 06:34:30 | 000,543,328 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010/11/04 06:34:30 | 000,539,232 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010/11/04 06:34:30 | 000,416,352 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010/11/04 06:34:28 | 006,842,464 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2010/11/04 06:33:34 | 000,199,192 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
[2010/11/04 06:33:33 | 000,282,336 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2010/11/04 06:33:32 | 000,114,784 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys
[2010/11/04 06:32:19 | 000,023,904 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2010/11/04 06:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/11/04 06:26:25 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/11/04 06:26:16 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/11/04 06:26:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/11/04 06:26:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/11/04 06:26:13 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/11/04 06:26:10 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/11/04 06:26:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/11/04 06:26:03 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/11/04 06:26:00 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/11/04 06:25:36 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/11/04 06:25:36 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/11/04 06:25:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/11/04 06:25:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/11/04 06:25:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/11/04 06:25:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/11/04 06:25:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/11/04 06:25:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/11/04 06:25:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/11/04 06:25:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/10/31 19:52:35 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010/10/31 19:52:33 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/10/31 19:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Application Data\TuneUp Software
[2010/10/31 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2010/10/31 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Voodoo\Desktop\Power Defrag
[2009/09/10 13:47:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Voodoo\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/29 18:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/29 18:07:15 | 098,217,771 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Voodoo\Desktop\OTLPEStd.exe
[2010/11/28 20:01:00 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\MBRCheck.exe
[2010/11/28 18:50:50 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkyx.sys
[2010/11/28 06:05:50 | 000,951,586 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\Ham in Coke « Gastronomy Do...pdf
[2010/11/28 05:13:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/28 05:13:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\WECPUpdate.job
[2010/11/27 22:59:22 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\rkill.rtf
[2010/11/27 22:53:25 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\rkill.com
[2010/11/27 07:20:54 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\error.bmp
[2010/11/27 06:45:12 | 003,910,097 | R--- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Combo-Fix.exe
[2010/11/26 15:37:37 | 000,142,526 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\instant-batman-costume-win.jpg
[2010/11/24 18:08:27 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\RSIT.exe
[2010/11/24 15:44:03 | 002,941,726 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\AutoRunsvoodootest.arn
[2010/11/24 15:32:08 | 000,620,277 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Autoruns.zip
[2010/11/23 08:03:37 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\dds.scr
[2010/11/20 09:34:16 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Music Label 2011.lnk
[2010/11/16 10:37:15 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\Thomas D.A Tellefsen,.cue
[2010/11/14 07:11:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/13 12:10:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/11/11 08:55:09 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Voodoo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 17:21:22 | 000,372,969 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\Recipes - Stir Fried Eggpla...pdf
[2010/11/07 20:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 16:55:40 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Exact Audio Copy.lnk
[2010/11/07 11:28:07 | 000,422,538 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\wrapper.bmp
[2010/11/07 11:23:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\watch.wtc
[2010/11/05 14:32:38 | 005,515,930 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Video0018.3gp
[2010/11/05 08:39:47 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\Orbit.lnk
[2010/11/04 21:25:12 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/04 18:01:56 | 000,396,658 | ---- | M] () -- C:\Documents and Settings\Voodoo\Desktop\untitled.bmp
[2010/11/03 19:16:03 | 000,001,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/02 19:38:51 | 000,188,066 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\japanese soy sauces.pdf
[2010/11/02 18:59:51 | 000,312,680 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\Wonton dipping sauces.pdf
[2010/11/02 14:15:21 | 000,484,256 | ---- | M] () -- C:\Documents and Settings\Voodoo\My Documents\70s Recipes - Chicken Chasseur.pdf
[2010/10/31 06:32:23 | 000,441,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 06:32:23 | 000,071,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/11/28 20:01:00 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\MBRCheck.exe
[2010/11/28 18:50:50 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gkyx.sys
[2010/11/28 06:05:42 | 000,951,586 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\Ham in Coke « Gastronomy Do...pdf
[2010/11/27 22:59:22 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\rkill.rtf
[2010/11/27 22:53:18 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\rkill.com
[2010/11/27 07:20:53 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\error.bmp
[2010/11/27 06:46:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/27 06:46:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/27 06:46:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/27 06:46:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/27 06:46:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/27 06:45:03 | 003,910,097 | R--- | C] () -- C:\Documents and Settings\Voodoo\Desktop\Combo-Fix.exe
[2010/11/26 15:37:33 | 000,142,526 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\instant-batman-costume-win.jpg
[2010/11/24 18:08:23 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\RSIT.exe
[2010/11/24 15:44:02 | 002,941,726 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\AutoRunsvoodootest.arn
[2010/11/24 15:31:56 | 000,620,277 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\Autoruns.zip
[2010/11/23 08:03:26 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\dds.scr
[2010/11/20 09:34:16 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\Music Label 2011.lnk
[2010/11/16 10:37:15 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\Thomas D.A Tellefsen,.cue
[2010/11/11 08:54:27 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Voodoo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 17:21:11 | 000,372,969 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\Recipes - Stir Fried Eggpla...pdf
[2010/11/07 16:55:40 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\Exact Audio Copy.lnk
[2010/11/07 11:28:07 | 000,422,538 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\wrapper.bmp
[2010/11/07 11:23:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\watch.wtc
[2010/11/05 14:30:42 | 005,515,930 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\Video0018.3gp
[2010/11/04 21:16:26 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/11/04 18:01:56 | 000,396,658 | ---- | C] () -- C:\Documents and Settings\Voodoo\Desktop\untitled.bmp
[2010/11/04 06:34:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/04 06:34:30 | 000,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/11/04 06:33:35 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/11/04 06:33:35 | 000,037,518 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/11/04 06:32:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/11/02 19:38:51 | 000,188,066 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\japanese soy sauces.pdf
[2010/11/02 18:59:39 | 000,312,680 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\Wonton dipping sauces.pdf
[2010/11/02 14:15:21 | 000,484,256 | ---- | C] () -- C:\Documents and Settings\Voodoo\My Documents\70s Recipes - Chicken Chasseur.pdf
[2010/10/21 16:26:35 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Voodoo\.recently-used.xbel
[2010/09/06 12:20:44 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\Voodoo\Application Data\systemfl.$dk
[2010/07/28 13:49:00 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/07/27 03:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 03:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/06/30 08:56:51 | 000,306,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/17 10:00:00 | 002,761,119 | ---- | C] () -- C:\WINDOWS\System32\Melodyne editor.dll
[2010/06/10 09:53:40 | 000,000,205 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2010/06/01 08:55:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010/05/21 08:05:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/05/10 14:14:12 | 000,001,018 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/30 14:48:41 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/04/30 14:48:30 | 000,028,518 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/04/30 14:48:23 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/04/19 04:32:24 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/04/03 07:47:51 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/03/30 16:09:50 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/03/30 16:09:06 | 000,000,495 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010/03/19 20:20:50 | 000,000,020 | ---- | C] () -- C:\WINDOWS\CROCCLIP.INI
[2010/03/17 12:08:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2010/03/06 09:41:47 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/02/28 14:00:16 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010/01/25 10:25:40 | 000,000,123 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
[2009/11/25 07:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/01 17:07:53 | 000,286,648 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\ReplayMusicLog.log
[2009/09/25 06:56:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2009/09/16 11:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/09/10 13:48:32 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\vso_ts_preview.xml
[2009/09/10 13:47:44 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\pcouffin.log
[2009/09/10 13:47:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\pcouffin.cat
[2009/09/10 13:47:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\pcouffin.inf
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/07/24 09:08:51 | 000,000,188 | ---- | C] () -- C:\WINDOWS\js2.ini
[2009/07/13 19:20:03 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/07/13 19:20:03 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/07/13 19:20:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/07/13 19:20:03 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/06/19 10:46:01 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/14 09:46:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/05 06:46:51 | 000,006,945 | ---- | C] () -- C:\Documents and Settings\Voodoo\Application Data\PrimoPDFSet.xml
[2009/04/05 06:45:44 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/03/22 10:11:30 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/03/14 09:03:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\System32\sysplog2.dll._rb
[2009/03/14 09:03:30 | 000,000,152 | ---- | C] () -- C:\WINDOWS\System32\sysplog.dll._rb
[2009/03/13 10:06:57 | 000,001,602 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/03/13 06:49:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2006/12/08 07:58:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2006/12/07 20:52:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/03/13 23:22:21 | 000,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll
[1999/03/23 11:59:29 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\FSFW32.SYS

========== LOP Check ==========

[2010/11/10 05:35:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\ESET
[2010/04/08 07:01:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Foxit Software
[2010/11/29 05:35:10 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Nitro PDF
[2010/10/11 09:34:21 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\PrimoPDF
[2010/02/01 17:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2010/10/21 17:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\.purple
[2010/04/02 12:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\ACAMPREF
[2009/07/21 15:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Applied Acoustics Systems
[2009/09/11 05:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\avidemux
[2010/11/03 18:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Azureus
[2009/06/11 12:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Camfrog
[2009/06/19 10:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Canneverbe_Limited
[2010/10/02 09:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Celemony Software GmbH
[2010/05/05 04:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Codemonster
[2009/04/28 18:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\DAEMON Tools
[2010/05/20 10:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\DAEMON Tools Lite
[2009/04/28 18:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\DAEMON Tools Pro
[2010/10/25 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Downloaded Installations
[2010/11/10 06:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\ESET
[2010/09/13 12:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\FILEminimizerPictures
[2009/03/31 10:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\FLVPlayer4Free
[2010/03/08 18:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\FMZilla
[2010/11/25 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\foobar2000
[2009/05/17 06:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\ForgottenRiddles2
[2009/03/22 15:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Foxit
[2010/10/14 14:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Foxit Software
[2010/07/23 09:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\GPSoftware
[2010/03/06 09:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\GrabPro
[2010/10/21 16:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\gtk-2.0
[2010/08/20 12:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Intermedia Software
[2009/03/13 14:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\IObit
[2009/11/11 11:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\KRKsoft
[2010/11/04 06:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Leadertech
[2010/09/10 07:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Livestation
[2010/09/10 07:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Mchid
[2010/11/20 09:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Music Label
[2009/10/07 06:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Neuratron
[2010/11/28 06:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Nitro PDF
[2010/04/11 09:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Noteworthy Software
[2010/03/08 18:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\OpenCandy
[2010/10/26 18:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\OpenOffice.org
[2010/11/29 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Orbit
[2010/04/03 07:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\PACE Anti-Piracy
[2010/01/08 15:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\PPStream
[2010/10/26 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\PrimoPDF
[2010/11/05 08:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\ProgSense
[2010/09/28 11:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Radical Software Ltd
[2010/04/19 05:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Samsung
[2009/05/28 09:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Screaming Bee
[2010/01/25 11:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Simply Super Software
[2010/10/19 17:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Spotify
[2010/04/02 17:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Steinberg
[2009/04/14 16:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\STOPzilla!
[2010/09/11 08:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Thinstall
[2010/02/28 14:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\TrojanHunter
[2010/10/31 19:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\TuneUp Software
[2009/06/24 06:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/23 20:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Uniblue
[2010/07/01 05:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\USBSafelyRemove
[2010/09/22 19:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\uTorrent
[2009/11/07 10:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\VirSyn Software Synthesizer
[2009/10/19 17:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Vso
[2010/04/30 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\Waves Audio
[2010/11/09 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\WebStripper
[2010/06/07 04:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\WordWeb
[2010/04/11 10:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Voodoo\Application Data\XYplorer
[2010/11/28 05:13:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\WECPUpdate.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 1066 bytes -> C:\Documents and Settings\Voodoo\Local Settings\Application Data\XENDgOfk:L50FgNexydoJsd2xWFWtBFFplz
< End of report >

Re: Painfully slow Computer30th November 2010, 12:02 am

Just a few notes when I did this process.. I never got the option "Do you wish to load the remote registry"
Also the otl.txt file was just located in root of the C:\ drive not the folder you mentioned.

Should I still be in OTLPE mode at this point, or normal boot mode?

Re: Painfully slow Computer1st December 2010, 12:12 am

Please run OTLPE again.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
[2010/11/28 18:50:50 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gkyx.sys
@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 1066 bytes -> C:\Documents and Settings\Voodoo\Local Settings\Application Data\XENDgOfk:L50FgNexydoJsd2xWFWtBFFplz
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Painfully slow Computer1st December 2010, 12:37 am

========== OTL ==========
File C:\WINDOWS\System32\drivers\gkyx.sys not found.
ADS C:\WINDOWS:nlsPreferences deleted successfully.
ADS C:\Documents and Settings\Voodoo\Local Settings\Application Data\XENDgOfk:L50FgNexydoJsd2xWFWtBFFplz deleted successfully.

OTLPE by OldTimer - Version 3.1.43.0 log created on 12012010_003250

Re: Painfully slow Computer2nd December 2010, 1:19 am

Hello.
Try running Combofix now.

Re: Painfully slow Computer2nd December 2010, 11:17 am

Hi

Combofix still does not run. It does not make any more progress after the blue window opens. The cursor still flashes though. Again I left it a couple of hours

Re: Painfully slow Computer3rd December 2010, 12:46 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Re: Painfully slow Computer3rd December 2010, 1:01 am

2010/12/03 01:00:26.0877 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/03 01:00:26.0877 ================================================================================
2010/12/03 01:00:26.0877 SystemInfo:
2010/12/03 01:00:26.0877
2010/12/03 01:00:26.0877 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/03 01:00:26.0877 Product type: Workstation
2010/12/03 01:00:26.0877 ComputerName: VOODOO
2010/12/03 01:00:26.0877 UserName: Voodoo
2010/12/03 01:00:26.0877 Windows directory: C:\WINDOWS
2010/12/03 01:00:26.0877 System windows directory: C:\WINDOWS
2010/12/03 01:00:26.0877 Processor architecture: Intel x86
2010/12/03 01:00:26.0877 Number of processors: 1
2010/12/03 01:00:26.0877 Page size: 0x1000
2010/12/03 01:00:26.0877 Boot type: Normal boot
2010/12/03 01:00:26.0877 ================================================================================
2010/12/03 01:00:27.0308 Initialize success
2010/12/03 01:00:33.0537 ================================================================================
2010/12/03 01:00:33.0537 Scan started
2010/12/03 01:00:33.0537 Mode: Manual;
2010/12/03 01:00:33.0537 ================================================================================
2010/12/03 01:00:34.0157 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/03 01:00:34.0248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/03 01:00:34.0428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/03 01:00:34.0558 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/12/03 01:00:34.0638 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/03 01:00:34.0718 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/03 01:00:35.0069 ApfiltrService (42860ba463d5c9c58a91d1ad208169a9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/12/03 01:00:35.0349 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/03 01:00:35.0429 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/03 01:00:35.0610 ati2mtag (246248aada156450be611eceaa5fe033) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/03 01:00:35.0760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/03 01:00:35.0860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/03 01:00:35.0940 b57w2k (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/03 01:00:35.0990 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/03 01:00:36.0120 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/03 01:00:36.0150 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/12/03 01:00:36.0190 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/03 01:00:36.0271 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/03 01:00:36.0321 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/03 01:00:36.0571 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/03 01:00:36.0641 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/03 01:00:36.0721 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/03 01:00:36.0801 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/03 01:00:36.0881 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/03 01:00:37.0022 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
2010/12/03 01:00:37.0122 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/03 01:00:37.0252 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/03 01:00:37.0512 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\WINDOWS\system32\drivers\DefragFS.sys
2010/12/03 01:00:37.0582 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/03 01:00:37.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/03 01:00:37.0783 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/03 01:00:37.0833 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/03 01:00:37.0913 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/03 01:00:38.0013 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/03 01:00:38.0103 DUMeterDrv (e048bcc97c84d054b822ba40d8b0b6d3) C:\Program Files\DU Meter\DUM_XP32.SYS
2010/12/03 01:00:38.0193 eamon (54e6b2194da2b8a286077a8abf42d3b7) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/12/03 01:00:38.0323 eBoost (a82b557f3be27d8532421017f821d6ad) C:\WINDOWS\system32\drivers\eBoost.sys
2010/12/03 01:00:38.0394 ehdrv (299a7ce452023a99a65d0d28f3b2bbf6) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/12/03 01:00:38.0484 epfw (6bff97e56be01d712bbcc8734a141b29) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/12/03 01:00:38.0554 Epfwndis (6dfb844fd0618dfd46d19184b475738b) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/12/03 01:00:38.0614 epfwtdi (a68968294949d9dccc98818273d98033) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2010/12/03 01:00:38.0754 EWAVE (a9bdccf9294d50c2fdc9d2939e43a508) C:\WINDOWS\system32\drivers\ew.sys
2010/12/03 01:00:38.0874 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/03 01:00:38.0934 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/03 01:00:39.0004 FILESPY (9658161beb44d0193b6f2f03372119a2) C:\WINDOWS\system32\drivers\FILESPY.sys
2010/12/03 01:00:39.0105 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/12/03 01:00:39.0185 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/03 01:00:39.0245 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/03 01:00:39.0315 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/03 01:00:39.0415 fsnet (537baad1ad81ff7497890df1bc816b27) C:\WINDOWS\system32\drivers\fsnet.sys
2010/12/03 01:00:39.0475 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/03 01:00:39.0555 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/03 01:00:39.0645 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/03 01:00:39.0726 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2010/12/03 01:00:39.0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/03 01:00:39.0946 HSFHWICH (dd33c6b441ca381f8fc82b06be2e2cac) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/12/03 01:00:40.0066 HSF_DP (272914d8e356bbbffbe7e88871a188ef) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/03 01:00:40.0206 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/03 01:00:40.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/03 01:00:40.0497 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/03 01:00:40.0617 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/03 01:00:40.0647 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/03 01:00:40.0697 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/03 01:00:40.0747 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/03 01:00:40.0787 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/03 01:00:40.0837 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/03 01:00:40.0917 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/03 01:00:40.0997 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/03 01:00:41.0047 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/03 01:00:41.0158 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/03 01:00:41.0198 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/03 01:00:41.0248 KeyScrambler (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys
2010/12/03 01:00:41.0408 KillTheHooker (0c8039f620a48e9ffcec5ce31b7af218) C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\New Folder\TizerBruteForceEx.sys
2010/12/03 01:00:41.0478 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/03 01:00:41.0568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/03 01:00:41.0718 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2010/12/03 01:00:41.0788 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2010/12/03 01:00:41.0869 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2010/12/03 01:00:41.0969 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/12/03 01:00:42.0059 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/12/03 01:00:42.0149 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/12/03 01:00:42.0560 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/12/03 01:00:42.0920 MBAMProtector (9b5cc6c481bdd00a963829b892623247) C:\WINDOWS\system32\drivers\mbam.sys
2010/12/03 01:00:43.0000 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2010/12/03 01:00:43.0110 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/03 01:00:43.0261 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/03 01:00:43.0361 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/03 01:00:43.0441 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/03 01:00:43.0541 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/03 01:00:43.0611 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/03 01:00:43.0761 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/03 01:00:43.0851 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/03 01:00:43.0962 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/03 01:00:44.0042 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/03 01:00:44.0162 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/03 01:00:44.0242 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/03 01:00:44.0292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/03 01:00:44.0352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/03 01:00:44.0392 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/03 01:00:44.0452 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/03 01:00:44.0522 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/03 01:00:44.0603 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/03 01:00:44.0683 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/03 01:00:44.0753 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/03 01:00:44.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/03 01:00:44.0883 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/03 01:00:44.0923 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/03 01:00:44.0963 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/03 01:00:45.0063 NetworkX (28ec631512321989506edfe8c7e46fb5) C:\WINDOWS\system32\ckldrv.sys
2010/12/03 01:00:45.0163 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/03 01:00:45.0213 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/03 01:00:45.0273 NSTATION (94f8231032653c2c3802cad0e28bad85) C:\WINDOWS\system32\drivers\nstation.sys
2010/12/03 01:00:45.0374 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/03 01:00:45.0454 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/03 01:00:45.0524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/03 01:00:45.0604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/03 01:00:45.0734 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/03 01:00:45.0784 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/03 01:00:45.0834 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/03 01:00:45.0924 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/12/03 01:00:46.0015 O2SCBUS (439ad52d13600ea69f4a4409b2968a51) C:\WINDOWS\system32\DRIVERS\ozscr.sys
2010/12/03 01:00:46.0075 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/12/03 01:00:46.0135 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/03 01:00:46.0275 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/03 01:00:46.0335 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/03 01:00:46.0385 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/03 01:00:46.0455 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/03 01:00:46.0495 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/03 01:00:46.0555 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/12/03 01:00:46.0846 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/03 01:00:46.0896 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/03 01:00:46.0966 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/03 01:00:47.0006 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/03 01:00:47.0046 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/03 01:00:47.0346 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/03 01:00:47.0407 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/03 01:00:47.0457 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/03 01:00:47.0487 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/03 01:00:47.0527 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/03 01:00:47.0567 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/03 01:00:47.0607 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/03 01:00:47.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/03 01:00:47.0747 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/03 01:00:47.0817 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/03 01:00:47.0987 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/03 01:00:48.0017 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/03 01:00:48.0067 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/03 01:00:48.0148 SbieDrv (8767091e7b57c686b3f97754c30949be) C:\Program Files\Sandboxie\SbieDrv.sys
2010/12/03 01:00:48.0318 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/03 01:00:48.0408 SCREAMINGBDRIVER (d3fa9fb502ad62001101f495bbbac42e) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
2010/12/03 01:00:48.0498 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/03 01:00:48.0588 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/03 01:00:48.0648 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/03 01:00:48.0738 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/03 01:00:48.0869 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/03 01:00:48.0999 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/03 01:00:49.0089 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/03 01:00:49.0199 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/03 01:00:49.0279 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/03 01:00:49.0349 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/12/03 01:00:49.0399 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/12/03 01:00:49.0520 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/12/03 01:00:49.0630 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\STAC97.sys
2010/12/03 01:00:49.0700 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/12/03 01:00:49.0800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/03 01:00:49.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/03 01:00:49.0970 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/03 01:00:50.0161 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/03 01:00:50.0241 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/03 01:00:50.0361 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/03 01:00:50.0441 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/03 01:00:50.0501 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/03 01:00:50.0661 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2010/12/03 01:00:50.0801 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2010/12/03 01:00:50.0892 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/03 01:00:51.0042 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/03 01:00:51.0182 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/03 01:00:51.0272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/03 01:00:51.0332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/03 01:00:51.0372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/03 01:00:51.0422 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/03 01:00:51.0462 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/03 01:00:51.0542 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/03 01:00:51.0623 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/03 01:00:51.0753 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/03 01:00:51.0873 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
2010/12/03 01:00:51.0983 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/03 01:00:52.0063 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/03 01:00:52.0173 winachsf (8d4f833289e769dca80c0067cc2e40d8) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/03 01:00:52.0364 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/03 01:00:52.0474 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/03 01:00:52.0784 ================================================================================
2010/12/03 01:00:52.0784 Scan finished
2010/12/03 01:00:52.0784 ================================================================================

Re: Painfully slow Computer3rd December 2010, 9:44 pm

Hello.
Still having problems? ignore Combofix for now.

Re: Painfully slow Computer6th December 2010, 1:03 am

Hi, there does seem to be a vast improvement so far.

Could you possibly tell me what the problem/infection was, and if there is anything nasty left on my system?
Also, any ideas why Combofix would not run, should I also remove it from my system?

Regards

Re: Painfully slow Computer6th December 2010, 9:05 pm

Hello.
I want to look at something, please re-run OTLPE and run the OTL scan again, post the new log.

Re: Painfully slow Computer6th December 2010, 9:42 pm

Hi OTLPE won't actually run now using the CD... It freezes at the black screen with the message, "Starting Reatogo-X-PE" it loads up until the white progress bar has completed, and then the system hangs.

Regards

Re: Painfully slow Computer7th December 2010, 12:34 am

Okay boot normally, just do this check for me.

Does this file in bold exist on your machine?
C:\WINDOWS\System32\drivers\gkyx.sys

Re: Painfully slow Computer7th December 2010, 1:08 am

No, the file does not exist..

Re: Painfully slow Computer7th December 2010, 11:57 pm

Okay, when you boot normally now, how is the machine running? overall performance?

Re: Painfully slow Computer8th December 2010, 11:18 pm

Hi

It does seem to be running better than before, it still lags a little bit, not completely smooth. I will give it a week and report back of any major issues.

Could you give me details of what infection/problem you found please, just for my reference?

Regards

Re: Painfully slow Computer9th December 2010, 12:20 am

Not too sure, it looked like some weak variant of a rootkit.

Painfully slow Computer

descriptionRe: Painfully slow Computer26th November 2010, 12:46 am

descriptionRe: Painfully slow Computer26th November 2010, 10:00 am

descriptionRe: Painfully slow Computer27th November 2010, 1:16 am

descriptionRe: Painfully slow Computer27th November 2010, 12:35 pm

descriptionRe: Painfully slow Computer28th November 2010, 12:47 am

descriptionRe: Painfully slow Computer28th November 2010, 10:25 am

descriptionRe: Painfully slow Computer29th November 2010, 12:33 am

descriptionRe: Painfully slow Computer29th November 2010, 1:02 am

descriptionRe: Painfully slow Computer29th November 2010, 10:39 pm

descriptionRe: Painfully slow Computer29th November 2010, 11:05 pm

descriptionRe: Painfully slow Computer30th November 2010, 12:02 am

descriptionRe: Painfully slow Computer1st December 2010, 12:12 am

descriptionRe: Painfully slow Computer1st December 2010, 12:37 am

descriptionRe: Painfully slow Computer2nd December 2010, 1:19 am

descriptionRe: Painfully slow Computer2nd December 2010, 11:17 am

descriptionRe: Painfully slow Computer3rd December 2010, 12:46 am

descriptionRe: Painfully slow Computer3rd December 2010, 1:01 am

descriptionRe: Painfully slow Computer3rd December 2010, 9:44 pm

descriptionRe: Painfully slow Computer6th December 2010, 1:03 am

descriptionRe: Painfully slow Computer6th December 2010, 9:05 pm

descriptionRe: Painfully slow Computer6th December 2010, 9:42 pm

descriptionRe: Painfully slow Computer7th December 2010, 12:34 am

descriptionRe: Painfully slow Computer7th December 2010, 1:08 am

descriptionRe: Painfully slow Computer7th December 2010, 11:57 pm

descriptionRe: Painfully slow Computer8th December 2010, 11:18 pm

descriptionRe: Painfully slow Computer9th December 2010, 12:20 am

descriptionRe: Painfully slow Computer