
where my HDD free space gone


  • This topic is locked
20 replies to this topic

#1 mosagman54

mosagman54

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:27 PM

Posted 21 March 2009 - 09:58 AM


Dear friends
For 2 months now I have had a strange problem. My HDD C:/ is an 80 GB WD with about 14 GB free; my internet connection is DSL 256. When I surf the net and use my satellite PCI card or BitTorrent to download something (especially the last 2), after 2 or 3 hours I get an error message that I have run out of space, and I find that all the 14 GB has gone and I have to restart my PC to regain this free space, although I put the timeshift folder of my PCI satellite card on another HDD (D), also 80 GB. Please help me to solve this problem; I did a lot of scans and searches but nothing appeared to me.
OS XP SP2
Kaspersky Internet Security 2009
Spy Sweeper 6.1.0.107

thank you in advance
M.Said



DDS (Ver_09-03-16.01) - NTFSx86
Run by SAGY at 17:46:05.89 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1023.222 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Documents and Settings\SAGY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] "c:\windows\system32\ctfmon.exe"
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
mRun: [InkSaver] "c:\program files\inksaver\InkSaver.exe" hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Search Image on TinEye - file://c:\documents and settings\sagy\my documents\tineye 1.0\TinEye.js
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
Trusted Zone: nirsoft.net
Trusted Zone: saudiairlines.com\www.bookonline
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230643570218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230642949562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-18 213520]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\sagy 10.6.07\compressed\winxp virtualcd controlpanel\VCdRom.sys [2007-4-21 8576]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-25 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-19 1178728]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2009-2-23 26920]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-6-8 510992]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S2 CSIScanner;CSIScanner; [x]
S2 gupdate1c98c2f9853cc70;Google Update Service (gupdate1c98c2f9853cc70);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-19 603904]
S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;c:\windows\system32\drivers\MR97110.sys [2007-12-26 111522]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-10-14 53312]
S4 CPQ;CPQ; [x]
S4 DLYM;DLYM; [x]
S4 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2007-12-29 124416]

============== File Associations ===============

inffile=c:\windows\NOTEPAD.EXE %1
inifile=c:\windows\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1

=============== Created Last 30 ================

2009-03-21 17:17 114,688 a------- c:\windows\system32\OLD52E.tmp
2009-03-21 17:17 69,632 a------- c:\windows\system32\OLD52B.tmp
2009-03-21 17:17 36,864 a------- c:\windows\system32\OLD528.tmp
2009-03-21 17:17 135,168 a------- c:\windows\system32\OLD525.tmp
2009-03-21 17:13 114,688 a------- c:\windows\system32\OLD522.tmp
2009-03-21 17:12 413,696 a------- c:\windows\system32\OLD51F.tmp
2009-03-21 17:12 155,648 a------- c:\windows\system32\OLD51C.tmp
2009-03-21 17:12 163,840 a------- c:\windows\system32\OLD519.tmp
2009-03-21 17:11 491,520 a------- c:\windows\system32\OLD516.tmp
2009-03-20 08:51 <DIR> --d----- c:\program files\Reshade
2009-03-20 00:35 <DIR> --d----- c:\program files\GetData
2009-03-20 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{bd78f9f661583e4dbb3c3468a905e704}
2009-03-19 16:07 <DIR> --d----- c:\program files\MSN Messenger
2009-03-19 14:14 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-03-19 14:14 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-03-19 14:14 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-03-19 14:14 <DIR> --d----- c:\docume~1\sagy\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-03-19 12:35 <DIR> --d----- c:\docume~1\sagy\applic~1\Webroot
2009-03-19 12:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-03-18 13:29 <DIR> --d----- C:\ComboFix
2009-03-18 06:49 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 12:13 10 a------- c:\windows\wininit.ini
2009-03-14 17:28 <DIR> --d----- c:\documents and settings\sagy\Tracing
2009-03-14 17:13 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-14 16:49 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-14 16:02 <DIR> --d----- c:\program files\Microsoft
2009-03-14 15:11 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-13 23:55 <DIR> --d----- C:\ie-spyad_zo
2009-03-13 18:34 1,553,784 a------- c:\windows\WRSetup.dll
2009-03-13 18:34 <DIR> --d----- c:\program files\Webroot
2009-03-13 18:34 <DIR> --d----- c:\program files\AskSBar
2009-03-13 15:30 <DIR> --d----- c:\program files\XoftSpySE
2009-03-11 14:15 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-08 22:51 <DIR> --d----- c:\program files\a-squared HiJackFree
2009-03-04 18:52 <DIR> --d----- c:\documents and settings\sagy\Bluetooth Software
2009-03-04 18:04 539,512 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-04 18:04 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-04 18:04 37,424 a------- c:\windows\system32\drivers\btport.sys
2009-03-04 18:04 37,280 a------- c:\windows\system32\drivers\btwmodem.sys
2009-03-04 18:02 <DIR> --d----- c:\program files\WIDCOMM
2009-03-04 17:53 <DIR> --d----- C:\SWSetup
2009-03-04 15:05 <DIR> --d----- c:\program files\Uniblue
2009-03-04 15:05 <DIR> --d----- c:\docume~1\sagy\applic~1\Uniblue
2009-03-04 15:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-03-04 14:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-04 14:37 886,008 a------- c:\windows\system32\SNU.dll
2009-03-04 14:37 <DIR> --d----- c:\program files\2BrightSparks
2009-03-04 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2BrightSparks
2009-03-03 13:04 6,740 a------- c:\windows\system32\%LocalXml%
2009-03-03 00:18 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}
2009-03-01 19:02 <DIR> --d----- c:\program files\Save Flash
2009-02-25 15:24 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-25 15:24 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-25 15:24 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-23 12:51 0 a------- C:\s3ig
2009-02-23 01:10 26,920 a------- c:\windows\system32\drivers\dsnpfd.sys
2009-02-23 01:10 <DIR> --d----- c:\program files\BWMeter
2009-02-23 01:10 <DIR> --d----- c:\docume~1\sagy\applic~1\DeskSoft
2009-02-22 16:21 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-02-22 16:21 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-02-22 16:21 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-02-22 16:21 75,264 a------- c:\windows\system32\unacev2.dll
2009-02-22 16:21 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-02-22 16:21 <DIR> --d----- c:\program files\Trojan Remover
2009-02-22 16:21 <DIR> --d----- c:\docume~1\sagy\applic~1\Simply Super Software
2009-02-22 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-02-19 22:32 <DIR> --d----- c:\program files\WinDirStat

==================== Find3M ====================

2009-03-21 15:48 59,019,552 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-21 15:48 3,465,760 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-21 15:48 797,780 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-21 15:48 329,120 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-03 13:04 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-03 13:04 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-19 22:40 53,312 a------- c:\windows\system32\drivers\pssdklbf.sys
2009-02-19 22:40 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-02-09 21:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 13:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-05 16:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-30 02:02 103,488 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-01-30 01:57 23,976 a------- c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-30 00:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-01-22 17:49 206,256 a------- c:\windows\system32\idmmbc.dll
2008-12-30 21:16 2,678 a------- c:\windows\java\packages\data\EGEQL7XF.DAT
2008-12-30 21:16 2,678 a------- c:\windows\java\packages\data\KXJVH3NZ.DAT
2008-12-30 21:15 2,678 a------- c:\windows\java\packages\data\DNLZHRDF.DAT
2008-12-30 21:15 2,678 a------- c:\windows\java\packages\data\QO57RPJL.DAT
2008-12-30 21:15 2,678 a------- c:\windows\java\packages\data\DB5VJ3BN.DAT
2008-04-28 20:41 197 a--sh--- c:\program files\common files\maxtreme.dat
2007-12-04 21:41 47,360 a------- c:\docume~1\sagy\applic~1\pcouffin.sys
2008-02-08 21:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008020820080209\index.dat

============= FINISH: 17:49:29.32 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:27 AM

Posted 30 March 2009 - 01:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 mosagman54

mosagman54
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:27 PM

Posted 31 March 2009 - 10:17 AM

Dear friends
I still have the same problem: when I run BitTorrent to download any file or run ProgDVB with my SkyStar 2 PCI satellite card, my free space on HDD C (14 gigabytes) of the 80 GB WD HDD disappears after 2 or 3 hours and I have to reboot my computer to regain this space; otherwise an error message ("you have run out of space") opens several times and my PC stops responding.
I made a lot of scans with my Kaspersky Internet Security and Spy Sweeper but nothing is there. I hope you will help me solve this annoying problem. Another problem: the computer now takes a very long time saving my settings when I shut down or even log off.
Windows XP SP2
Kaspersky Internet Security 2009
Spy Sweeper 6.1.7
Internet Explorer 7
DSL 256
And I put the timeshift folder on HDD D, as well as the recording folder of ProgDVB.



DDS (Ver_09-03-16.01) - NTFSx86
Run by SAGY at 17:56:24.96 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1023.335 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\SAGY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] "c:\windows\system32\ctfmon.exe"
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
mRun: [InkSaver] "c:\program files\inksaver\InkSaver.exe" hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Search Image on TinEye - file://c:\documents and settings\sagy\my documents\tineye 1.0\TinEye.js
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
Trusted Zone: nirsoft.net
Trusted Zone: saudiairlines.com\www.bookonline
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230643570218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230642949562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sagy\applic~1\mozilla\firefox\profiles\9gh07uxy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\sagy\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: general.useragent.override - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
FF - user.js: network.http.max-persistent-connections-per-server - 3

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-18 213520]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\sagy 10.6.07\compressed\winxp virtualcd controlpanel\VCdRom.sys [2007-4-21 8576]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-25 603904]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-25 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-3-19 1178728]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2009-2-23 26920]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-6-8 510992]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S2 CSIScanner;CSIScanner; [x]
S2 gupdate1c98c2f9853cc70;Google Update Service (gupdate1c98c2f9853cc70);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;c:\windows\system32\drivers\MR97110.sys [2007-12-26 111522]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-10-14 53312]
S4 CPQ;CPQ; [x]
S4 DLYM;DLYM; [x]
S4 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2007-12-29 124416]

============== File Associations ===============

inffile=c:\windows\NOTEPAD.EXE %1
inifile=c:\windows\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1

=============== Created Last 30 ================

2009-03-26 18:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
2009-03-26 18:06 <DIR> --d----- c:\program files\IncrediMail
2009-03-26 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail
2009-03-26 17:57 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-26 17:57 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-26 17:57 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-26 17:57 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-26 17:57 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-26 17:57 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-26 17:57 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-25 23:54 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-03-25 23:54 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-03-25 23:54 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-03-25 22:05 <DIR> --d----- c:\program files\ACW
2009-03-24 06:54 <DIR> --d----- c:\program files\Quran Kareem
2009-03-20 08:51 <DIR> --d----- c:\program files\Reshade
2009-03-20 00:35 <DIR> --d----- c:\program files\GetData
2009-03-20 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{bd78f9f661583e4dbb3c3468a905e704}
2009-03-19 16:07 <DIR> --d----- c:\program files\MSN Messenger
2009-03-19 14:14 <DIR> --d----- c:\docume~1\sagy\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-03-19 12:35 <DIR> --d----- c:\docume~1\sagy\applic~1\Webroot
2009-03-19 12:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-03-18 13:29 <DIR> --d----- C:\ComboFix
2009-03-18 06:49 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 12:13 10 a------- c:\windows\wininit.ini
2009-03-14 17:28 <DIR> --d----- c:\documents and settings\sagy\Tracing
2009-03-14 17:13 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-14 16:49 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-14 16:02 <DIR> --d----- c:\program files\Microsoft
2009-03-14 15:11 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-13 23:55 <DIR> --d----- C:\ie-spyad_zo
2009-03-13 18:34 1,553,784 a------- c:\windows\WRSetup.dll
2009-03-13 18:34 <DIR> --d----- c:\program files\Webroot
2009-03-13 18:34 <DIR> --d----- c:\program files\AskSBar
2009-03-13 15:30 <DIR> --d----- c:\program files\XoftSpySE
2009-03-11 14:15 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-08 22:51 <DIR> --d----- c:\program files\a-squared HiJackFree
2009-03-04 18:52 <DIR> --d----- c:\documents and settings\sagy\Bluetooth Software
2009-03-04 18:04 539,512 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-04 18:04 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-04 18:04 37,424 a------- c:\windows\system32\drivers\btport.sys
2009-03-04 18:04 37,280 a------- c:\windows\system32\drivers\btwmodem.sys
2009-03-04 18:02 <DIR> --d----- c:\program files\WIDCOMM
2009-03-04 17:53 <DIR> --d----- C:\SWSetup
2009-03-04 15:05 <DIR> --d----- c:\program files\Uniblue
2009-03-04 15:05 <DIR> --d----- c:\docume~1\sagy\applic~1\Uniblue
2009-03-04 15:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-03-04 14:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-04 14:37 886,008 a------- c:\windows\system32\SNU.dll
2009-03-04 14:37 <DIR> --d----- c:\program files\2BrightSparks
2009-03-04 14:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2BrightSparks
2009-03-03 13:04 525 a------- c:\windows\system32\%LocalXml%
2009-03-03 00:18 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}
2009-03-01 19:02 <DIR> --d----- c:\program files\Save Flash

==================== Find3M ====================

2009-03-30 22:35 329,120 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-30 22:35 3,465,760 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-30 22:35 797,780 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-30 22:35 59,019,552 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-26 00:42 30,601 a------- c:\windows\java\x.exe
2009-03-03 13:04 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-03 13:04 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-25 15:24 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-25 15:24 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-25 15:24 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-23 01:10 26,920 a------- c:\windows\system32\drivers\dsnpfd.sys
2009-02-19 22:40 53,312 a------- c:\windows\system32\drivers\pssdklbf.sys
2009-02-19 22:40 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-02-09 21:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 13:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-05 16:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-30 00:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-01-22 17:49 206,256 a------- c:\windows\system32\idmmbc.dll
2008-04-28 20:41 197 a--sh--- c:\program files\common files\maxtreme.dat
2007-12-04 21:41 47,360 a------- c:\docume~1\sagy\applic~1\pcouffin.sys
2008-02-08 21:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008020820080209\index.dat

============= FINISH: 17:58:09.64 ===============


#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 02 April 2009 - 03:15 PM

Hello.

Let's see what we can do.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download the Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.
Also take a fresh DDS.txt log please.

With Regards,
The Panda

#5 mosagman54
  • Topic Starter
  • Members
  • 14 posts

Posted 06 April 2009 - 04:27 AM

Dear Friends
thank you for your caring and great help, and I'm sorry for being late. I did all that you asked me to do and the problem is still there, and so is the very long time to shut down, and even if I try to close IE 7 or Microsoft Office "Word" it takes a long time to close and I have to hit it several times to close them.
thank you in advance and best wishes
Mohammad Said

Malwarebytes' Anti-Malware 1.35
Database version: 1941
Windows 5.1.2600 Service Pack 2

05/04/2009 07:52:45
mbam-log-2009-04-05 (19-52-35).txt

Scan type: Quick Scan
Objects scanned: 92244
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> No action taken.




DDS (Ver_09-03-16.01) - NTFSx86
Run by SAGY at 12:07:27.98 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1023.549 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\SAGY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] "c:\windows\system32\ctfmon.exe"
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
mRun: [InkSaver] "c:\program files\inksaver\InkSaver.exe" hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Search Image on TinEye - file://c:\documents and settings\sagy\my documents\tineye 1.0\TinEye.js
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
Trusted Zone: cracks.am\www
Trusted Zone: nirsoft.net
Trusted Zone: saudiairlines.com\www.bookonline
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230643570218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230642949562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sagy\applic~1\mozilla\firefox\profiles\9gh07uxy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\sagy\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: general.useragent.override - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
FF - user.js: network.http.max-persistent-connections-per-server - 3

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-18 213520]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\sagy 10.6.07\compressed\winxp virtualcd controlpanel\VCdRom.sys [2007-4-21 8576]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-25 603904]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-2-25 4048240]
R3 DCamUSBMR;CMOS 100K-R Rev. 1.90;c:\windows\system32\drivers\MR97110.sys [2007-12-26 111522]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2009-2-23 26920]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-6-8 510992]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
S2 CSIScanner;CSIScanner; [x]
S2 gupdate1c98c2f9853cc70;Google Update Service (gupdate1c98c2f9853cc70);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-4-2 1178728]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-10-14 53312]
S4 CPQ;CPQ; [x]
S4 DLYM;DLYM; [x]
S4 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2007-12-29 124416]

============== File Associations ===============

inffile=c:\windows\NOTEPAD.EXE %1
inifile=c:\windows\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1

=============== Created Last 30 ================

2009-04-05 19:28 <DIR> --d----- c:\docume~1\sagy\applic~1\Malwarebytes
2009-04-05 19:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-05 19:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 19:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-05 19:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 06:43 142 a------- c:\windows\system32\spupdsvc.inf
2009-04-03 21:21 69,632 a------- c:\windows\system32\WMErrFRA.dll
2009-04-03 21:21 39,340 a------- c:\windows\WMPrfFRA.prx
2009-04-03 21:21 <DIR> --d----- c:\windows\system32\1036
2009-04-03 21:21 189 a------- c:\windows\muifr.reg
2009-04-02 23:45 <DIR> --d----- c:\docume~1\sagy\applic~1\Webroot
2009-04-02 23:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-03-26 18:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IM
2009-03-26 18:06 <DIR> --d----- c:\program files\IncrediMail
2009-03-26 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IncrediMail
2009-03-26 17:57 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-26 17:57 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-26 17:57 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-26 17:57 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-26 17:57 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-26 17:57 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-26 17:57 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-25 23:54 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-03-25 23:54 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-03-25 23:54 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-03-25 22:05 <DIR> --d----- c:\program files\ACW
2009-03-24 06:54 <DIR> --d----- c:\program files\Quran Kareem
2009-03-20 08:51 <DIR> --d----- c:\program files\Reshade
2009-03-20 00:35 <DIR> --d----- c:\program files\GetData
2009-03-20 00:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{bd78f9f661583e4dbb3c3468a905e704}
2009-03-19 16:07 <DIR> --d----- c:\program files\MSN Messenger
2009-03-19 14:14 <DIR> --d----- c:\docume~1\sagy\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-03-19 14:13 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-03-18 13:29 <DIR> --d----- C:\ComboFix
2009-03-18 06:49 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 12:13 10 a------- c:\windows\wininit.ini
2009-03-14 17:28 <DIR> --d----- c:\documents and settings\sagy\Tracing
2009-03-14 17:13 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-14 16:49 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-14 16:02 <DIR> --d----- c:\program files\Microsoft
2009-03-14 15:11 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-13 23:55 <DIR> --d----- C:\ie-spyad_zo
2009-03-13 18:34 1,553,784 a------- c:\windows\WRSetup.dll
2009-03-13 18:34 <DIR> --d----- c:\program files\Webroot
2009-03-13 18:34 <DIR> --d----- c:\program files\AskSBar
2009-03-13 15:30 <DIR> --d----- c:\program files\XoftSpySE
2009-03-11 14:15 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-10 22:18 1,482,112 -------- c:\windows\system32\SET74.tmp
2009-03-10 22:18 239,496 -------- c:\windows\system32\SET75.tmp
2009-03-08 22:51 <DIR> --d----- c:\program files\a-squared HiJackFree

==================== Find3M ====================

2009-04-06 01:19 59,019,552 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-06 01:19 3,465,760 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-06 01:19 797,780 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-06 01:19 329,120 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-02 22:39 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-02 22:39 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-26 00:42 30,601 a------- c:\windows\java\x.exe
2009-02-25 15:24 176,752 a------- c:\windows\system32\drivers\ssidrv.sys
2009-02-25 15:24 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2009-02-25 15:24 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-23 01:10 26,920 a------- c:\windows\system32\drivers\dsnpfd.sys
2009-02-19 22:40 53,312 a------- c:\windows\system32\drivers\pssdklbf.sys
2009-02-19 22:40 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-02-09 21:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 13:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-05 16:03 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-30 00:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-01-22 17:49 206,256 a------- c:\windows\system32\idmmbc.dll
2008-04-28 20:41 197 a--sh--- c:\program files\common files\maxtreme.dat
2007-12-04 21:41 47,360 a------- c:\docume~1\sagy\applic~1\pcouffin.sys
2008-02-08 21:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008020820080209\index.dat

============= FINISH: 12:09:26.09 ===============


Edited by PropagandaPanda, 06 April 2009 - 04:38 PM.
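
The findings the helper reads off these DDS logs by eye (AV/firewall status in the header, IE Trusted Zone entries, Firefox proxy and user-agent overrides, services and drivers whose image file DDS could not find) can be pulled out mechanically. This is an added example, not code from BleepingComputer or from the DDS tool; the sample lines are constructed from the kinds of entries the logs above contain, and the severity labels are this example's own heuristic.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: the kinds of lines a DDS log contains (modelled on the
# thread's logs), not a verbatim copy of any one log.
SAMPLE_DDS = r"""AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
Trusted Zone: cracks.am\www
Trusted Zone: nirsoft.net
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.override - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\avp.exe -r --> c:\program files\kaspersky lab\avp.exe -r [?]
S2 CSIScanner;CSIScanner; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-6-8 510992]
"""

# (severity, category, offending log line). Severity labels are this example's
# own heuristic, not anything DDS itself reports.
Finding = Tuple[str, str, str]

# DDS service/driver lines: "<R|S><start type> <name>;<display name>;<image path ...>"
SERVICE_RE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(.*)$")


def triage_dds(text: str) -> List[Finding]:
    """Return the lines of a DDS log that a malware-response helper would want to check."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # AV/FW header: "disabled" means real-time protection is off, whether
        # the user turned it off or something else did.
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(("high", "protection-disabled", line))
            continue
        # IE Trusted Zone entries get relaxed ActiveX/scripting policy.
        if line.startswith("Trusted Zone:"):
            findings.append(("medium", "trusted-zone", line))
            continue
        # Firefox proxy type other than 0 (direct) means traffic may be routed
        # through a proxy (1 = manual, 4 = auto-detect via WPAD).
        if "network.proxy.type - " in line and not line.endswith(" - 0"):
            findings.append(("medium", "proxy-config", line))
            continue
        # A forced user-agent string hides the real browser from sites.
        if "general.useragent.override" in line:
            findings.append(("low", "ua-override", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group(1).lower()
            # DDS marks an image it could not find on disk with [?] or [x].
            # A driver image that is a .tmp file in system32 is a classic sign
            # of a leftover or hidden component and gets the higher severity.
            if image.endswith(("[?]", "[x]")):
                sev = "high" if ".tmp" in image else "medium"
                findings.append((sev, "missing-image", line))
            elif ".tmp" in image:
                findings.append(("high", "tmp-image", line))
    return findings


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category so a long log can be skimmed quickly."""
    return dict(Counter(category for _, category, _ in findings))


if __name__ == "__main__":
    found = triage_dds(SAMPLE_DDS)
    # Print high-severity findings first.
    for severity, category, line in sorted(found, key=lambda f: f[0] != "high"):
        print(f"[{severity:6}] {category:20} {line}")
    print(summarise(found))
```

Run it against a full DDS.txt by reading the file into `triage_dds`; lines it does not recognise are simply skipped, so the whole log can be passed in unchanged.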


#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 06 April 2009 - 04:51 PM

Hello.

I see evidence of use of cracks and keygens.

You should know that use of these is considered illegal activity, as it bypasses copyright laws.

Moreover, more often than not, the files associated contain malware. People who create and distribute such items make profits by putting infections into the files. Merely visiting sites that contain these files is a security risk.

Antivirus programs cannot protect you against what you are deliberately running.

I strongly suggest that you remove all files and programs associated with cracks and keygens, in addition to not using them in the future.

The HJT Team are not tolerant of members that continue to be reinfected from use of such programs.
-------
If this file exists, please post back with it:
C:\ComboFix.txt

With Regards,
The Panda

#7 mosagman54

  • Topic Starter
  • Members
  • 14 posts

Posted 07 April 2009 - 11:13 PM

Dear friend
thank you for your precious advice, and here is the file you asked for, but I don't know if you want a new one or this one.

ComboFix 09-03-15.01 - SAGY 03/18/2009 13:31:04.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1023.709 [GMT 3:00]
Running from: c:\documents and settings\SAGY\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 05:27 797,780 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-18 05:27 59,019,552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-18 05:27 329,120 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-18 05:27 3,465,760 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-18 05:09 --------- d-----w c:\documents and settings\SAGY\Application Data\DMCache
2009-03-18 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-18 03:49 --------- d-----w c:\program files\Trend Micro
2009-03-17 21:13 --------- d-----w c:\program files\Trojan Remover
2009-03-17 15:43 --------- d-----w c:\documents and settings\SAGY\Application Data\BitTorrent
2009-03-16 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-14 17:57 --------- d-----w c:\documents and settings\SAGY\Application Data\Metacafe
2009-03-14 14:14 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 14:13 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-14 14:13 --------- d-----w c:\program files\Microsoft
2009-03-14 14:11 --------- d-----w c:\program files\Windows Live
2009-03-14 14:09 --------- d-----w c:\program files\Microsoft Sync Framework
2009-03-14 13:49 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-14 12:11 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-13 19:40 --------- d-----w c:\program files\DAEMON Tools
2009-03-13 16:38 775,168 ----a-w c:\windows\isRS-000.tmp
2009-03-13 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-03-13 15:34 --------- d-----w c:\program files\Webroot
2009-03-13 15:34 --------- d-----w c:\program files\AskSBar
2009-03-13 15:34 --------- d-----w c:\documents and settings\SAGY\Application Data\Webroot
2009-03-13 13:30 --------- d-----w c:\program files\XoftSpySE
2009-03-13 13:12 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-11 18:15 --------- d-----w c:\program files\ICQ6.5
2009-03-11 12:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-11 12:16 --------- d-----w c:\documents and settings\Administrator.DREAMS\Application Data\Simply Super Software
2009-03-11 11:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 11:15 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-09 21:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-08 19:52 --------- d-----w c:\program files\a-squared HiJackFree
2009-03-05 15:13 --------- d-----w c:\program files\Save Flash
2009-03-05 14:59 --------- d-----w c:\documents and settings\SAGY\Application Data\Vso
2009-03-05 14:10 1,553,784 ----a-w c:\windows\WRSetup.dll
2009-03-04 15:02 --------- d-----w c:\program files\WIDCOMM
2009-03-04 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-04 12:05 --------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-04 12:05 --------- d-----w c:\program files\Uniblue
2009-03-04 12:05 --------- d-----w c:\documents and settings\SAGY\Application Data\Uniblue
2009-03-04 11:37 --------- d-----w c:\program files\2BrightSparks
2009-03-04 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\2BrightSparks
2009-03-03 10:04 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-03 10:04 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-03 04:55 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-03 04:53 --------- d-----w c:\program files\DScaler5
2009-03-02 21:33 --------- d-----w c:\documents and settings\SAGY\Application Data\Tor
2009-03-02 21:31 --------- d--h--w c:\documents and settings\All Users\Application Data\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}
2009-03-02 12:11 --------- d-----w c:\program files\myBabylon_English
2009-02-25 21:04 --------- d-----w c:\program files\Internet Download Manager
2009-02-25 12:24 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-02-25 12:24 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-02-25 12:24 176,752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-02-23 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-02-23 20:55 --------- d-----w c:\documents and settings\SAGY\Application Data\Babylon
2009-02-22 22:10 26,920 ----a-w c:\windows\system32\drivers\dsnpfd.sys
2009-02-22 22:10 --------- d-----w c:\program files\BWMeter
2009-02-22 22:10 --------- d-----w c:\documents and settings\SAGY\Application Data\DeskSoft
2009-02-22 18:55 --------- d-----w c:\documents and settings\SAGY\Application Data\Download Manager
2009-02-22 13:21 --------- d-----w c:\documents and settings\SAGY\Application Data\Simply Super Software
2009-02-22 13:21 --------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-19 20:14 --------- d-----w c:\documents and settings\SAGY\Application Data\DivX
2009-02-19 19:59 --------- d-----w c:\program files\DivX
2009-02-19 19:40 53,312 ----a-w c:\windows\system32\drivers\pssdklbf.sys
2009-02-19 19:40 36,928 ----a-w c:\windows\system32\drivers\pssdk41.sys
2009-02-19 19:34 --------- d-----w c:\program files\SlySoft
2009-02-19 19:32 --------- d-----w c:\program files\WinDirStat
2009-02-19 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2009-02-17 16:07 --------- d-----w c:\program files\UltraISO
2009-02-17 16:07 --------- d-----w c:\program files\Common Files\EZB Systems
2009-02-13 19:39 --------- d-----w c:\program files\ExtractNow
2009-02-11 10:22 --------- d-----w c:\program files\Google
2009-02-10 13:28 --------- d-----w c:\documents and settings\SAGY\Application Data\JAM Software
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-07 08:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 08:33 --------- d-----w c:\program files\NextSecurity.NET
2009-02-06 16:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 15:31 --------- d-----w c:\program files\7-Zip
2009-02-06 15:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-05 15:02 --------- d-----w c:\documents and settings\SAGY\Application Data\Printer Info Cache
2009-02-05 15:02 --------- d-----w c:\documents and settings\SAGY\Application Data\Image Zone Express
2009-02-05 15:01 --------- d-----w c:\program files\HP
2009-02-05 15:01 --------- d-----w c:\program files\Common Files\HP
2009-02-05 13:30 --------- d-----w c:\program files\VIA
2009-02-05 13:03 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-05 03:22 --------- d-----w c:\program files\ICQ6Toolbar
2009-02-04 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\ICQ
2009-02-04 17:52 --------- d-----w c:\program files\RadarSync
2009-02-04 15:00 --------- d-----w c:\documents and settings\SAGY\Application Data\Gold Casual Games
2009-02-04 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Gold Casual Games
2009-02-04 13:41 --------- d-----w c:\program files\ThreatExpert Memory Scanner
2009-02-03 07:48 --------- d-----w c:\program files\MPEG2_Decoders
2009-02-01 09:08 --------- d-----w c:\program files\CyberLink
2009-01-31 11:07 --------- d-----w c:\documents and settings\SAGY\Application Data\AVS4YOU
2009-01-31 11:07 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-31 11:06 --------- d-----w c:\program files\AVS4YOU
2009-01-31 11:05 --------- d-----w c:\program files\Common Files\AVSMedia
2008-02-08 18:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008020820080209\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [03/13/2009 06:34 PM 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
03/13/2009 06:34 PM 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
03/02/2009 03:16 PM 1883672 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [03/02/2009 03:16 PM 1883672]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [03/02/2009 03:16 PM 1883672]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [11/10/2008 03:07 PM 1253376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InkSaver"="c:\program files\InkSaver\InkSaver.exe" [10/20/2003 06:47 PM 458752]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [03/05/2009 05:10 PM 6308728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:56 AM 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-06 576104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinPatrol"=c:\program files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"FAHESS_McciTrayApp"=c:\program files\FAHESS\McciTrayApp.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"MotiveReportAgent"="c:\program files\Fahess_Activation\McciBrowser.exe" -appkey=Fahess_Activation -hidden -url=file:///C:/Program%20Files/Fahess_Activation/ReportAgent.html
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-03-13 1178728]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 vcdrom;Virtual CD-ROM Device Driver;d:\sagy 10.6.07\Compressed\WinXP VirtualCd ControlPanel\VCdRom.sys [2007-04-21 8576]
S2 CSIScanner;CSIScanner; [x]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-14 55152]
S2 gupdate1c98c2f9853cc70;Google Update Service (gupdate1c98c2f9853cc70);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 DCamUSBMR;CMOS 100K-R Rev. 1.90;c:\windows\system32\drivers\MR97110.sys [2007-12-26 111522]
S3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2009-02-23 26920]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2E.tmp --> c:\windows\system32\2E.tmp [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-10-14 53312]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-06-08 510992]
S4 CPQ;CPQ; [x]
S4 DLYM;DLYM; [x]
S4 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2007-12-29 124416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [02/11/2009 12:48 PM]

2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [02/11/2009 01:00 PM]

2009-03-18 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [11/01/2008 12:32 AM]

2009-03-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [11/01/2008 12:32 AM]

2009-03-18 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [03/13/2009 03:59 PM]

2009-03-14 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [03/13/2009 03:59 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Search Image on TinEye - file://c:\documents and settings\SAGY\My Documents\TinEye 1.0\TinEye.js
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: saudiairlines.com\www.bookonline
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath -
.
.
------- File Associations -------
.
inffile=c:\windows\NOTEPAD.EXE %1
inifile=c:\windows\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 13:36:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E38970F-2F49-C7D6-AA1E-B2AA9E13F222}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablkkahopakkjfaigmfpocaaoddnalngkm"=hex:6b,61,70,62,65,64,62,66,66,68,6d,6c,
68,61,6d,62,69,6a,64,6c,67,65,00,00
"pablecpfdfaiaaabmcoheikpldibblhn"=hex:6b,61,65,6e,61,64,6f,67,61,65,64,6b,65,
69,6a,68,69,70,66,66,62,6b,00,00
"abphccpphbojfmihekefpjnmpehlfenlbg"=hex:6e,61,69,6a,65,6d,66,70,68,66,6a,69,
6f,64,6c,6c,6f,62,6e,6c,63,6d,69,65,6f,63,69,6c,00,ff
"maohjodpahmimliekdhbinjefe"=hex:6a,61,65,6e,63,64,6c,68,70,6c,65,68,6d,6f,67,
6a,67,70,66,6f,00,6d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{280cef45-658d-4553-ac41-f27f407f126b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000123
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,db,0e,44,80,3e,
07,85,23,05,98,32,02,34,2b,da,61,10,87,3b,cb,63,f6,10,06,03,38,6f,92,53,33,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):44,8d,fb,c0,6a,78,28,18,0e,86,72,b5,c8,2c,ac,87,40,a5,3e,a3,45,
70,83,10,96,45,71,2e,88,40,61,cf,64,95,d2,48,38,b9,77,ef,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{747487e2-5e13-488f-a3b9-29fe5adb4caf}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a5
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d3,e7,7d,b6,5a,f2,54,ca,b1,12,1c,90,02,77,be,0c,37,92,3e,66,06,
da,68,7c,98,48,a4,33,63,95,d1,65,e1,13,72,7c,d2,44,46,54,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(260)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 03/18/2009 13:44:58
ComboFix-quarantined-files.txt 2009-03-18 10:43:40
ComboFix2.txt 2009-03-18 04:34:25

Pre-Run: 16,787,963,904 bytes free
Post-Run: 16,226,463,744 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
298

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 08 April 2009 - 10:57 AM

Hello.

Ask Toolbar is considered adware. I would suggest that you uninstall it using Add/Remove Programs.

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Install From Windows Updates
Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please reboot and repeat this process until there are no more updates to install.

After, take a new DDS.txt log and tell me if there is any change in symptoms.

With Regards,
The Panda

#9 mosagman54

  • Topic Starter
  • Members
  • 14 posts

Posted 10 April 2009 - 05:46 PM

Dear Friend
thank you very much for your caring, and here is the log you asked for. But by accident I discovered a file named LogFile.Etl located in drive C and growing very, very fast; when I discovered it its size was 7 giga, but after less than 40 minutes it became 13 giga. I didn't know what it is for and if it is safe to delete it, and how to prevent it from coming up and growing that fast again, because I think it's the cause of my problem.
thank you in advance and best regards
Mohammad Said


Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 2

10/04/2009 07:42:43
mbam-log-2009-04-10 (19-42-43).txt

Scan type: Quick Scan
Objects scanned: 94388
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 10 April 2009 - 07:07 PM

Hello.

That appears to be some kind of performance logger.

Please boot into Safe Mode. Delete the file.

Reboot into normal mode. Does the file reappear?

With Regards,
The Panda

#11 mosagman54

  • Topic Starter
  • Members
  • 14 posts

Posted 11 April 2009 - 02:15 PM

Dear Friend
yes, every time I boot this file reappears and it starts with 0 KB and grows on, especially when I open IE7 or ProgDVB or BitTorrent, and it reaches more than 14 GB in about 2 or 3 hours; meantime I delete it in normal mode and regain the lost free space immediately, and it never comes back until I reboot again.
Best Regards
M.Said

#12 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 12 April 2009 - 09:25 AM

Hello.

Let's try this.

In normal mode, delete the file.

In the C:\ drive, right click in the Explorer window and select New -> Folder. Name the folder "LogFile.Etl".

Restart your computer.

With Regards,
The Panda

#13 mosagman54

  • Topic Starter
  • Members
  • 14 posts

Posted 16 April 2009 - 06:14 AM

Dear Friend
I'm very sorry for being late, but after I did what you told me and it worked fine (thank you very much) I wanted to be sure and try it for several days with all the programs involved. It was OK; the only problem I met was when I tried to use BootLog XP, because it couldn't give me the final log file several times until I deleted the new file I made and rebooted and the original file appeared again (this file is related to System according to the Unlocker program).
Now it's all right, but it still shuts down in about 5 minutes and I don't know the reason.
Best Regards
M.Said
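
The symptom in posts #11 to #13 (one file recreated at every boot, growing to 14 GB in two or three hours, then held off with a same-named folder) is easiest to pin down by comparing two size snapshots of the volume a few seconds apart: the culprit's growth rate dwarfs everything else. The script below is an added example, not a tool from this thread; the temp directory, the constructed "LogFile.Etl" and "quiet.txt" files and the 2-second interval in the demo are all made up here.

```python
"""Locate a file that is silently eating free space, and check the
placeholder-folder workaround used in the thread.

Constructed example for this thread, not code posted in it.  Free space
that vanishes over a few hours and returns after a reboot points at a
single file growing continuously rather than many files being written;
two snapshots of file sizes make that file stand out by growth rate.
"""
import os
import stat
import tempfile
import time

# 14 GB in about 2.5 hours (post #11) is roughly 1.6 MB/s.  Anything at or
# above 1 MB/s is worth a look on a volume that is losing space; tune as needed.
DEFAULT_MIN_RATE = 1.0 * 1024 * 1024  # bytes per second


def snapshot(root):
    """Map every regular file under root to its current size in bytes.

    Entries that vanish or cannot be stat'ed mid-walk are skipped instead of
    aborting the scan, because log files are often rotated or renamed.
    """
    sizes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                sizes[path] = st.st_size
    return sizes


def growth_between(before, after, elapsed_s, min_rate=0.0):
    """Return [(path, bytes_grown, bytes_per_second)] sorted fastest first.

    A file present only in `after` counts as having grown from 0 bytes, which
    is exactly the case of a log recreated at 0 KB after every boot.  A file
    present only in `before` was deleted and is ignored.
    """
    if elapsed_s <= 0:
        raise ValueError("elapsed_s must be positive")
    hits = []
    for path, size_now in after.items():
        grown = size_now - before.get(path, 0)
        rate = grown / elapsed_s
        if grown > 0 and rate >= min_rate:
            hits.append((path, grown, rate))
    hits.sort(key=lambda hit: hit[2], reverse=True)
    return hits


def watch(root, interval_s=10.0, min_rate=DEFAULT_MIN_RATE):
    """Take two snapshots interval_s apart and report fast-growing files."""
    before = snapshot(root)
    time.sleep(interval_s)
    after = snapshot(root)
    return growth_between(before, after, interval_s, min_rate)


def is_blocked_by_placeholder(path):
    """True if a directory occupies `path`, so no file can be created there.

    This is the workaround from post #12: a folder named LogFile.Etl in the
    root of drive C stops the logger from recreating the file.  Post #13 shows
    the cost: a legitimate boot logger could no longer write its output, so
    treat the placeholder as a stopgap, not as a fix for what produces the log.
    """
    return os.path.isdir(path)


def simulate_growing_log():
    """Self-contained demo on a constructed temp directory.

    A constructed 'LogFile.Etl' grows by 3,000 bytes between two snapshots
    that we treat as 2 seconds apart, beside a 'quiet.txt' that never changes.
    Returns (growth_report, placeholder_blocks_recreation).
    """
    root = tempfile.mkdtemp(prefix="space-hunt-")
    log = os.path.join(root, "LogFile.Etl")
    quiet = os.path.join(root, "quiet.txt")
    with open(log, "wb") as fh:
        fh.write(b"\x00" * 1000)
    with open(quiet, "wb") as fh:
        fh.write(b"static")
    before = snapshot(root)
    with open(log, "ab") as fh:
        fh.write(b"\x00" * 3000)
    after = snapshot(root)
    report = growth_between(before, after, elapsed_s=2.0)
    # Delete the grown file and put a same-named folder in its place.
    os.remove(log)
    os.mkdir(log)
    return report, is_blocked_by_placeholder(log)


if __name__ == "__main__":
    report, blocked = simulate_growing_log()
    for path, grown, rate in report:
        print("%s grew %d bytes (%.0f B/s)" % (path, grown, rate))
    print("placeholder folder blocks recreation:", blocked)
```

On a live machine, `watch("C:\\", 10)` with the default threshold is the call that would have surfaced LogFile.Etl within ten seconds; lowering `min_rate` widens the net at the cost of noise from browser caches and downloads.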

#14 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 16 April 2009 - 02:18 PM

Hello.

Please post a new set of DDS logs. Perhaps the Event logs can tell us something.

With Regards,
The Panda

#15 mosagman54

  • Topic Starter
  • Members
  • 14 posts

Posted 17 April 2009 - 11:15 AM

Dear Friend
I'm sorry, but sometimes I can't open my email daily; here is the post you asked for.



DDS (Ver_09-03-16.01) - NTFSx86
Run by SAGY at 19:08:11.42 on Fri 04/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1023.466 [GMT 3:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\SAGY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Babylon: {965b54b0-71e0-4611-8de7-f73fa0b20e26} - c:\program files\babylon\babylon toolbar\BabylonIEToolBar.dll
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB0.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
mRun: [InkSaver] c:\program files\inksaver\InkSaver.exe hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Search Image on TinEye - file://c:\documents and settings\sagy\my documents\tineye 1.0\TinEye.js
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
Trusted Zone: cracks.am\www
Trusted Zone: nirsoft.net
Trusted Zone: saudiairlines.com\www.bookonline
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230643570218
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230642949562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2002-7-19 6656]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-18 213520]
R1 vcdrom;Virtual CD-ROM Device Driver;d:\sagy 10.6.07\compressed\winxp virtualcd controlpanel\VCdRom.sys [2007-4-21 8576]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r --> c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-25 603904]
R3 DCamUSBMR;CMOS 100K-R Rev. 1.90;c:\windows\system32\drivers\MR97110.sys [2007-12-26 111522]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2009-2-23 26920]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-6-8 510992]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S2 CSIScanner;CSIScanner; [x]
S2 gupdate1c98c2f9853cc70;Google Update Service (gupdate1c98c2f9853cc70);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\40.tmp --> c:\windows\system32\40.tmp [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-10-14 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-10-14 53312]
S4 CPQ;CPQ; [x]
S4 DLYM;DLYM; [x]
S4 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2007-12-29 124416]

============== File Associations ===============

inffile=c:\windows\NOTEPAD.EXE %1
inifile=c:\windows\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1

=============== Created Last 30 ================


==================== Find3M ====================

2009-04-17 01:17 59,019,552 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-17 01:17 3,465,760 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-17 01:17 797,780 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-17 01:17 329,120 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-02 22:39 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-04-02 22:39 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-26 00:42 30,601 a------- c:\windows\java\x.exe
2009-03-10 22:18 1,482,112 -------- c:\windows\system32\SET74.tmp
2009-03-10 22:18 239,496 -------- c:\windows\system32\SET75.tmp
2009-02-26 23:47 2,255,360 a------- c:\windows\system32\x264vfw.dll
2009-02-23 01:10 26,920 a------- c:\windows\system32\drivers\dsnpfd.sys
2009-02-19 22:40 53,312 a------- c:\windows\system32\drivers\pssdklbf.sys
2009-02-19 22:40 36,928 a------- c:\windows\system32\drivers\pssdk41.sys
2009-02-09 13:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-01-30 00:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2008-04-28 20:41 197 a--sh--- c:\program files\common files\maxtreme.dat
2007-12-04 21:41 47,360 a------- c:\docume~1\sagy\applic~1\pcouffin.sys
2008-02-08 21:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008020820080209\index.dat

============= FINISH: 19:10:49.73 ===============
