#1
Registered User
Join Date: Mar 2009
Location: yeovil, uk
Posts: 4
OS: XP Media Edition

CPU Usage always 100%, All security features disabled and unknown partition
Hi,
There are several problems with my PC. It is very slow to boot, when I do boot explorer.exe has to be started through the task manager.
When I boot explorer the CPU usage shoots up to 100% causing everything I do to be painfully slow. I have also noticed that I can not use my anti virus, the shield deluxe. The XP security center is disabled, I can not use the firewall or automatic updates. System restore is also not working, I can open it and select a date to restore to but when I click next nothing happens. I have also noticed that I have an unknown FAT32 partition on my NTFS hard disk, is this normal? I have been doing a lot of research on the net to try and cure the problem and have used RegCure, Super Anti Spy, ATF cleaner and Spyware Blaster from advice on various forums. I think the problem may have been caused by updating my drivers, I didn't really know what I was doing and initially used some that did not have signatures. I did then get the official updates from Dell but the problem still exists. I do not have a copy of my XP disk, so if a re-installation is required, I won't be able to do that. I'm out of ideas but perhaps someone more knowledgeable could please help me.
Regards
Lee

#2
Registered User
Join Date: Mar 2009
Location: yeovil, uk
Posts: 4
OS: XP Media Edition

Re: CPU Usage always 100%, All security features disabled and unknown partition
An update,
I determined that I had a rootkit on my machine and I got it cleaned. Once I got that cleaned some of my security features came back, my antivirus being one of them! I ran my antivirus and it detected over 3000 infected files with a Win32 virus, I then deleted and disinfected these files. I think this virus infected everything it could! However, I think I may have deleted some files that I shouldn't have as all my network adapters are now showing a yellow ! in device manager and have error code 39. This has disabled my connection to the internet! There are also other applications such as chkdsk that can no longer be found. I have recovered some of the files using the antivirus backup, but I do not know the locations of which ones I need to restore the drivers and chkdsk etc, with over 3000 possibilities where should I concentrate my efforts? If I uninstall the drivers will they reinstall themselves on restart? I'm getting there slowly, any advice would be much appreciated.
Regards
Lee
Last edited by chantelope; 04-02-2009 at 04:49 AM.

#3
Registered User
Join Date: Mar 2009
Location: yeovil, uk
Posts: 4
OS: XP Media Edition

Re: CPU Usage always 100%, All security features disabled and unknown partition
Hello,
I got fed up with tinkering with my PC and found out how to use the Dell system restore. I have therefore reinstalled Windows and shall start again. This post can be closed. Thanks to anybody who may have looked into my problems for me.
Regards
Lee

#4
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home

Re: CPU Usage always 100%, All security features disabled and unknown partition
Hello, Lee -
Sorry we missed you, this forum is very busy, and unfortunately, we don't always get to everyone. In looking over your logs, I think you've done the best thing for your machine. You mentioned over 3000 infected files, and a Win32 virus, was it by any chance named Virut? If so, a format/destructive recovery is the safest and best solution for that particular infection, as it infects all .exe and .scr files on a machine, misinfecting them so that even though they may be disinfected by an antivirus, they remain corrupted and do not function properly. If you've backed up data from this machine before performing the Dell System Recovery, please ensure that no exe or scr files are reintroduced to the machine, if it was in fact Virut (also known as Virtob).
Think Prevention!
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
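
The restore precaution in the reply above, as an added example (not part of the original thread): a Python check run over a backup folder before any data is copied back. It lists every `.exe` and `.scr` file and, going beyond the post's advice, any file that starts with the `MZ` executable header under another extension. The function names and the sample tree are constructed for illustration.

```python
"""Pre-restore check for a data backup taken from a machine hit by a file infector."""
import os
import sys
import tempfile

# Extensions named in the reply above as the ones that must not be reintroduced.
BLOCKED_EXTENSIONS = {".exe", ".scr"}
# Every DOS/PE executable image starts with these two bytes, whatever it is named.
MZ_MAGIC = b"MZ"


def classify(path):
    """Return why a file should be held back, or None if it looks like plain data."""
    ext = os.path.splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "extension"
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == MZ_MAGIC:
                return "header"  # executable content under another extension
    except OSError:
        return "unreadable"  # cannot be inspected, so review it by hand
    return None


def scan_backup(root):
    """Walk the backup and return a sorted list of (relative_path, reason)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the backup tree
            reason = classify(full)
            if reason is not None:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


def build_demo_tree(root):
    """Create a small, constructed backup tree (sample data, not from the thread)."""
    samples = {
        "docs/letter.txt": b"Dear Sir,\n",
        "tools/setup.exe": b"MZ\x90\x00",
        "screensavers/Fish.SCR": b"MZ\x90\x00",
        "photos/holiday.jpg": b"MZ\x90\x00 executable renamed to look like a photo",
        "photos/beach.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_backup(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_demo_tree(demo)
            results = scan_backup(demo)
    for rel_path, reason in results:
        print(f"HOLD BACK ({reason}): {rel_path}")
    print(f"{len(results)} file(s) should not be copied back to the rebuilt machine")
```

Run it with the backup folder as the only argument; with no argument it scans the constructed sample tree.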