constant hard drive access


  • This topic is locked
17 replies to this topic

#1 sinsanity

sinsanity

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 09 September 2009 - 05:16 PM

Can't figure out how to stop constant hard drive access:


RootRepeal gives me a blue screen of death.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Port at 15:12:01.84 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DeltTray] DeltTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [GizmoDriveDelegate] RUNDLL32.EXE c:\progra~1\gizmo\GDRIVE.DLL,Remount_Startup_Images
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217504392796
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188809919796
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\port\applic~1\mozilla\firefox\profiles\h4rtaqhb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitifffree.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-09-09 15:10 359,932 a------- C:\dds.scr
2009-09-08 21:56 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 19:29 <DIR> --d----- c:\program files\blogTV.com Plugin for AOL Instant Messenger
2009-09-07 19:14 <DIR> --d----- c:\program files\Marratech
2009-09-07 18:46 <DIR> --d----- c:\program files\Dimdim
2009-09-07 18:46 <DIR> --d----- c:\docume~1\port\applic~1\Dimdim
2009-09-07 18:46 100,232 a------- c:\documents and settings\port\DimdimSetup.exe
2009-09-07 18:21 <DIR> --d----- c:\docume~1\port\applic~1\Paltalk
2009-09-07 10:54 <DIR> --d----- c:\program files\Trend Micro
2009-09-07 06:41 <DIR> --d----- c:\docume~1\port\applic~1\Malwarebytes
2009-09-07 06:41 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 06:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 06:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 06:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-05 23:46 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2009-09-05 23:46 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-09-05 23:46 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-09-05 23:46 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-05 23:46 61,952 a------- c:\windows\system32\kstvtune.ax
2009-09-05 23:46 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-09-05 23:46 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2009-09-05 23:46 20,992 a------- c:\windows\system32\dshowext.ax
2009-09-05 23:46 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2009-09-05 23:46 43,008 a------- c:\windows\system32\ksxbar.ax
2009-08-25 18:09 <DIR> --d----- c:\docume~1\port\applic~1\n-Track Software Data
2009-08-22 17:58 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-22 03:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 03:07 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 03:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 03:07 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-12 11:47 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 11:47 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:33 290,816 a------- c:\windows\system32\decdll.dll
2009-08-11 22:33 <DIR> --d----- c:\program files\Free Video Converter
2009-08-11 01:01 <DIR> --d----- c:\docume~1\port\applic~1\ImTOO Software Studio
2009-08-11 00:30 <DIR> --d----- c:\program files\ImTOO

==================== Find3M ====================

2009-08-22 09:16 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-22 09:16 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 14:33 25,088 a------- c:\windows\system32\msxml3a.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-16 01:25 161,748 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2008-11-24 20:25 514,616 a------- c:\docume~1\port\applic~1\GDIPFONTCACHEV1.DAT
2008-04-14 22:14 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2008-03-26 17:36 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2008-03-26 17:23 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-01-18 19:22 57,344 a------- c:\program files\Inner Sphere Wars\Updater.exe
2008-01-18 19:22 28,672 a------- c:\program files\Inner Sphere Wars\iswsp.exe
2008-01-16 18:15 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-26 21:31 485,535 a------- c:\program files\Inner Sphere Wars\wsi12.exe

============= FINISH: 15:12:36.34 ===============

RootRepeal gives me a blue screen of death.

Merged posts. ~ OB

Edited by Orange Blossom, 09 September 2009 - 07:49 PM.


#2 sinsanity

sinsanity
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 10 September 2009 - 06:15 PM

Process Monitor shows what is happening every second or two:




System 4 SUCCESS Thread ID: 2496 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2496 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2928 108 Process System NT AUTHORITY\SYSTEM

explorer.exe 1608 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS Desired Access: Read 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252623254 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252626854 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 226, Data: \Device\{F2AB8DFA-84C5-4D8B-985F-E56CFCCD02F5}, \Device\{2C05FD31-C6C0-4295-8994-0544470B4E33}, \Device\NdisWanIp 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2928 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2868 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2868 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2960 108 Process System NT AUTHORITY\SYSTEM

Edited by sinsanity, 10 September 2009 - 06:18 PM.
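The capture above shows explorer.exe re-reading the same Tcpip interface keys on a roughly one-second cycle. The script below is an added example, not the poster's code, of how a responder would triage a Process Monitor export for exactly that pattern: group events by process, operation, path and result, and flag the groups that recur at a steady interval. It assumes the trace was saved with File > Save as CSV (default columns Time of Day, Process Name, PID, Operation, Path, Result, Detail); the sample rows are constructed to mirror the thread's polling and are not the original capture. It also counts file-system read/write events per process, because registry reads like the ones above are normally served from the in-memory hive and are not what drives the disk, and it counts BUFFER OVERFLOW results separately, since in Procmon that is STATUS_BUFFER_OVERFLOW from a size-probing query (note the SUCCESS with Length: 226 right after it), not a memory-safety bug.

```python
"""Triage a Process Monitor CSV export for periodic activity (added example)."""
import csv
import io
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample export, modelled on the thread's explorer.exe polling:
# three one-second cycles, an AV process writing at irregular intervals, one
# browser read. Paths and PIDs other than explorer.exe's are invented.
SAMPLE_CSV = "\n".join([
    r'"Time of Day","Process Name","PID","Operation","Path","Result","Detail"',
    r'"5:16:01.0000000 PM","explorer.exe","1608","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}","SUCCESS","Desired Access: Read"',
    r'"5:16:01.0100000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"',
    r'"5:16:01.0200000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 226"',
    r'"5:16:01.5000000 PM","avp.exe","2012","WriteFile","C:\Documents and Settings\All Users\Application Data\av-report.db","SUCCESS","Offset: 0, Length: 4,096"',
    r'"5:16:02.0000000 PM","explorer.exe","1608","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}","SUCCESS","Desired Access: Read"',
    r'"5:16:02.0100000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"',
    r'"5:16:02.0200000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 226"',
    r'"5:16:02.2000000 PM","avp.exe","2012","WriteFile","C:\Documents and Settings\All Users\Application Data\av-report.db","SUCCESS","Offset: 4,096, Length: 4,096"',
    r'"5:16:02.7000000 PM","firefox.exe","3120","ReadFile","C:\Documents and Settings\Port\Application Data\Mozilla\Firefox\Profiles\h4rtaqhb.default\places.sqlite","SUCCESS","Offset: 0, Length: 32,768"',
    r'"5:16:03.0000000 PM","explorer.exe","1608","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}","SUCCESS","Desired Access: Read"',
    r'"5:16:03.0100000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","BUFFER OVERFLOW","Length: 144"',
    r'"5:16:03.0200000 PM","explorer.exe","1608","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 226"',
    r'"5:16:03.9000000 PM","avp.exe","2012","WriteFile","C:\Documents and Settings\All Users\Application Data\av-report.db","SUCCESS","Offset: 8,192, Length: 4,096"',
])


def parse_time(stamp):
    """Parse Procmon's 'H:MM:SS.fffffff AM/PM' clock. It writes seven fractional
    digits; strptime's %f accepts at most six, so the last digit is dropped."""
    clock, meridian = stamp.rsplit(" ", 1)
    whole, frac = clock.split(".")
    return datetime.strptime(f"{whole}.{frac[:6]} {meridian}", "%I:%M:%S.%f %p")


def parse_procmon_csv(text):
    """Return the export as a list of dicts keyed by the CSV header names."""
    return list(csv.DictReader(io.StringIO(text)))


def periodic_activity(rows, min_hits=3, tolerance=0.25):
    """Find (process, operation, path, result) groups that recur at a steady interval.

    A steady gap between hits on the same object is what separates a poller
    (the usual cause of 'constant disk access') from ordinary bursty activity.
    """
    seen = defaultdict(list)
    for r in rows:
        key = (r["Process Name"], r["Operation"], r["Path"], r["Result"])
        seen[key].append(parse_time(r["Time of Day"]))
    findings = []
    for (proc, op, path, result), times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        # Every gap must sit within +/- tolerance of the median gap to count as periodic.
        if period > 0 and all(abs(g - period) <= tolerance * period for g in gaps):
            findings.append({"process": proc, "operation": op, "path": path,
                             "result": result, "count": len(times),
                             "period_s": round(period, 3)})
    return sorted(findings, key=lambda f: (f["period_s"], f["process"], f["operation"]))


def disk_io_by_process(rows):
    """Count file-system read/write events per process. Registry reads are normally
    answered from the in-memory hive, so to see what hits the disk look at the
    File System class (ReadFile/WriteFile), not at RegQueryValue."""
    counts = Counter(r["Process Name"] for r in rows
                     if r["Operation"] in ("ReadFile", "WriteFile"))
    return dict(counts)


def buffer_overflow_results(rows):
    """Count BUFFER OVERFLOW results. In Procmon this is STATUS_BUFFER_OVERFLOW: the
    caller asked for a value with a buffer that was too small, is told the required
    size and retries. Informational, not a memory-safety bug or a malware sign."""
    return sum(1 for r in rows if r["Result"] == "BUFFER OVERFLOW")


if __name__ == "__main__":
    rows = parse_procmon_csv(SAMPLE_CSV)
    for f in periodic_activity(rows):
        print(f"{f['process']:<14}{f['operation']:<14}every {f['period_s']}s x{f['count']}  "
              f"{f['result']}  {f['path']}")
    print("file I/O per process:", disk_io_by_process(rows))
    print("BUFFER OVERFLOW results:", buffer_overflow_results(rows))
```

On the sample, the three explorer.exe groups come out with a 1.0 s period while the avp.exe writes do not, which is the split a responder wants: the poller is identified, and the file-system counts say separately who is actually writing to disk. On a real export, run it against the Procmon CSV saved from the machine rather than the pasted text, since the copy-and-paste output above has lost its column boundaries.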


#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:01:31 AM

Posted 24 September 2009 - 08:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 sinsanity

sinsanity
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 24 September 2009 - 02:23 PM

Hello sempai,

I have something causing a constant hard drive access.

I uninstalled AVG anti virus and installed kaspersky anti virus.

I have run malwarebytes.

Thank you.

______________________________________________________________________________

Process monitor shows the following happening every second or so:

System 4 SUCCESS Thread ID: 2496 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2496 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2928 108 Process System NT AUTHORITY\SYSTEM

explorer.exe 1608 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS Desired Access: Read 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252623254 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252626854 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 226, Data: \Device\{F2AB8DFA-84C5-4D8B-985F-E56CFCCD02F5}, \Device\{2C05FD31-C6C0-4295-8994-0544470B4E33}, \Device\NdisWanIp 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2928 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2868 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2868 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2960 108 Process System NT AUTHORITY\SYSTEM

This post has been edited by sinsanity: Sep 10 2009, 04:18 PM


________________________________________________________



DDS (Ver_09-07-30.01) - NTFSx86
Run by Port at 12:12:10.01 on Thu 09/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.347 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Port\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DeltTray] DeltTray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
dRun: [GizmoDriveDelegate] RUNDLL32.EXE c:\progra~1\gizmo\GDRIVE.DLL,Remount_Startup_Images
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217504392796
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188809919796
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\port\applic~1\mozilla\firefox\profiles\h4rtaqhb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitifffree.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-4-28 112144]
R1 GizmoDrv;Gizmo Virtual Drive Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2008-1-21 16595]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-6-27 194320]
R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2007-6-28 218376]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 31896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
S3 AmbaAudio;Sony Camera Device;c:\windows\system32\drivers\AmbaAudio.sys [2009-6-8 24320]
S3 AMBAWEBCAM;Sony Webcam;c:\windows\system32\drivers\AmbaWebcam.sys [2009-6-8 33024]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);c:\windows\system32\drivers\fd_dbus.sys [2007-9-3 51040]
S3 fd_dmdm;FutureDial USB-to-Serial Cable Drivers;c:\windows\system32\drivers\fd_dmdm.sys [2007-9-3 73984]
S4 DUPZ;DUPZ;c:\docume~1\port\locals~1\temp\dupz.exe --> c:\docume~1\port\locals~1\temp\DUPZ.exe [?]
S4 Gizmo Central;Gizmo Central;c:\program files\gizmo\gservice.exe [2008-1-21 25088]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-09-17 20:39 691 a------- C:\dude.conf
2009-09-17 20:38 <DIR> --d----- c:\program files\Dude
2009-09-16 12:19 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-16 12:19 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-16 12:18 <DIR> --d----- c:\program files\Kaspersky Lab
2009-09-16 12:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-09-16 12:18 43,040 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-16 12:18 15,904 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-16 12:18 2,420 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-16 12:18 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-16 12:11 <DIR> --d----- C:\KAV
2009-09-10 01:42 114,688 a------- C:\Fport.exe
2009-09-09 20:29 230,912 a------- c:\windows\PEV.exe
2009-09-09 20:29 <DIR> --d----- C:\ComboFix
2009-09-09 17:28 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-09 15:10 359,932 a------- C:\dds.scr
2009-09-08 21:56 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-07 19:29 <DIR> --d----- c:\program files\blogTV.com Plugin for AOL Instant Messenger
2009-09-07 19:14 <DIR> --d----- c:\program files\Marratech
2009-09-07 18:46 <DIR> --d----- c:\program files\Dimdim
2009-09-07 18:46 <DIR> --d----- c:\docume~1\port\applic~1\Dimdim
2009-09-07 18:46 100,232 a------- c:\documents and settings\port\DimdimSetup.exe
2009-09-07 18:21 <DIR> --d----- c:\docume~1\port\applic~1\Paltalk
2009-09-07 10:54 <DIR> --d----- c:\program files\Trend Micro
2009-09-07 06:41 <DIR> --d----- c:\docume~1\port\applic~1\Malwarebytes
2009-09-07 06:41 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 06:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 06:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 06:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-05 23:46 91,136 ac------ c:\windows\system32\dllcache\kswdmcap.ax
2009-09-05 23:46 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-09-05 23:46 61,952 ac------ c:\windows\system32\dllcache\kstvtune.ax
2009-09-05 23:46 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-05 23:46 61,952 a------- c:\windows\system32\kstvtune.ax
2009-09-05 23:46 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-09-05 23:46 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2009-09-05 23:46 20,992 a------- c:\windows\system32\dshowext.ax
2009-09-05 23:46 43,008 ac------ c:\windows\system32\dllcache\ksxbar.ax
2009-09-05 23:46 43,008 a------- c:\windows\system32\ksxbar.ax
2009-08-25 18:09 <DIR> --d----- c:\docume~1\port\applic~1\n-Track Software Data

==================== Find3M ====================

2009-09-16 13:02 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 14:33 25,088 a------- c:\windows\system32\msxml3a.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\wininet.dll
2008-11-24 20:25 514,616 a------- c:\docume~1\port\applic~1\GDIPFONTCACHEV1.DAT
2008-04-14 22:14 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2008-03-26 17:36 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2008-03-26 17:23 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-01-18 19:22 57,344 a------- c:\program files\Inner Sphere WarsUpdater.exe
2008-01-18 19:22 28,672 a------- c:\program files\Inner Sphere Warsiswsp.exe
2008-01-16 18:15 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-26 21:31 485,535 a------- c:\program files\Inner Sphere Warswsi12.exe

============= FINISH: 12:12:43.14 ===============
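The DDS log above lists the same Java plug-in several times: five `DPF:` entries with `{CAFEEFAC-0016-0000-00xx-ABCDEFFEDCBA}` CLSIDs plus five Firefox "Java Console" hidden extensions, one per JRE update that was installed and never removed. As an added example (not part of the thread, and not code from DDS, ComboFix or BleepingComputer), the script below decodes those lines into JRE versions using the documented layout of Sun's plug-in CLSIDs, where `{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}` means 1.6.0_07 and the `FFFF-FFFF-FFFF` form is an alias for whatever JRE is newest, and flags every version older than a reference release. The sample lines are copied from the log above; the reference version 1.6.0_16 (JRE 6 Update 16, the release the helper asks for later in this thread) is an assumption about what counted as current at the time.

```python
"""Decode the JRE versions that a DDS / HijackThis-style log exposes.

Added example for this thread, not code from DDS, ComboFix or the posters.
SAMPLE_LINES are copied from the DDS log above; CURRENT_JRE is the
JRE 6 Update 16 the helper asks for later in the thread (an assumption
about which release counts as "current" at the time of the post).
"""
import re
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, update)

# Sun's Java plug-in CLSIDs carry the version in decimal digit groups:
#   {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}  ->  1.6.0_07
# {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} is the "newest installed JRE"
# alias and pins no version, so it is matched but decoded to None.
JAVA_CLSID = re.compile(
    r"\{CAFEEFAC-(\d{4}|FFFF)-(\d{4}|FFFF)-(\d{4}|FFFF)-ABCDEFFEDCBA\}", re.I)
# The jinstall cab name repeats the version: jinstall-1_6_0_07-windows-i586.cab
JINSTALL = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-", re.I)

CURRENT_JRE: Version = (1, 6, 0, 16)  # assumed reference release (JRE 6u16)

# Constructed sample: lines copied from the DDS log in this thread, plus the
# Flash DPF entry as a non-Java control.
SAMPLE_LINES = r"""
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
""".strip().splitlines()


def clsid_version(text: str) -> Optional[Version]:
    """Decode a CAFEEFAC CLSID found in text; None for the FFFF alias or a non-Java CLSID."""
    m = JAVA_CLSID.search(text)
    if not m or any(g.upper() == "FFFF" for g in m.groups()):
        return None
    family, micro, update = (int(g) for g in m.groups())
    return (family // 10, family % 10, micro, update)  # "0016" -> major 1, minor 6


def line_version(line: str) -> Optional[Version]:
    """Version pinned by one log line: the CLSID if it carries one, else the cab name."""
    v = clsid_version(line)
    if v is None:
        m = JINSTALL.search(line)
        if m:
            v = tuple(int(g) for g in m.groups())  # type: ignore[assignment]
    return v


def java_versions(lines: Iterable[str]) -> List[Version]:
    """Distinct JRE versions referenced by DPF / Java Console lines, oldest first."""
    found = set()
    for line in lines:
        if not line.startswith(("DPF:", "FF - HiddenExtension: Java")):
            continue
        v = line_version(line)
        if v is not None:
            found.add(v)
    return sorted(found)


def stale_versions(lines: Iterable[str], current: Version) -> List[Version]:
    """Every referenced JRE older than the reference release."""
    return [v for v in java_versions(lines) if v < current]


def fmt(v: Version) -> str:
    """Render (1, 6, 0, 7) in Sun's 1.6.0_07 notation."""
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


if __name__ == "__main__":
    for v in java_versions(SAMPLE_LINES):
        print(f"{fmt(v):10s} {'STALE' if v < CURRENT_JRE else 'ok'}")
```

Run against the sample, the decoder reports 1.6.0_02, _03, _04, _05 and _07, all of them older than 6u16. Treat that as a pointer rather than proof: the `DPF:` lines are Internet Explorer's Downloaded Program Files registrations and the Java Console entries are leftovers from each updater run, so the authoritative list of what is still installed is Add/Remove Programs, which is where the helper's instructions send the user.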


#5 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:31 PM

Posted 28 September 2009 - 11:49 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues.

I see that you have recently been running combofix.

ComboFix should not be run unless requested by an HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back here with the following logs:
  • Combofix.txt
  • MBAM log
Thanks



#6 sinsanity
  • Topic Starter
  • Members
  • 12 posts
  • Local time:09:31 AM

Posted 28 September 2009 - 03:17 PM

Hey Syler,

Thanks for the help.

Here's the combofix log followed by the MBAM log:

_____________________________________________________________________________

ComboFix 09-09-27.05 - Port 09/28/2009 12:34.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.377 [GMT -7:00]
Running from: c:\documents and settings\Port\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-18 03:38 . 2009-09-18 03:39 -------- d-----w- c:\program files\Dude
2009-09-16 19:19 . 2009-09-23 07:47 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-16 19:19 . 2009-09-23 07:47 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-16 19:18 . 2009-09-28 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-16 19:18 . 2009-09-16 19:18 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-16 19:18 . 2009-09-28 19:45 155936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-16 19:18 . 2009-09-28 19:45 25888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-16 19:11 . 2009-09-16 19:11 -------- d-----w- C:\KAV
2009-09-10 08:42 . 2009-09-10 08:41 114688 ----a-w- C:\Fport.exe
2009-09-10 00:28 . 2009-09-10 00:28 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-09 22:10 . 2009-09-09 21:26 359932 ----a-w- C:\dds.scr
2009-09-09 04:56 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 02:29 . 2009-09-08 02:29 -------- d-----w- c:\program files\blogTV.com Plugin for AOL Instant Messenger
2009-09-08 02:14 . 2009-09-08 02:14 -------- d-----w- c:\program files\Marratech
2009-09-08 01:46 . 2009-09-08 01:47 -------- d-----w- c:\documents and settings\Port\Application Data\Dimdim
2009-09-08 01:46 . 2009-09-08 01:46 -------- d-----w- c:\program files\Dimdim
2009-09-08 01:46 . 2009-09-08 01:46 2002944 ----a-w- c:\documents and settings\Port\Dimdim.msi
2009-09-08 01:46 . 2009-09-08 01:46 100232 ----a-w- c:\documents and settings\Port\DimdimSetup.exe
2009-09-08 01:21 . 2009-09-09 21:02 -------- d-----w- c:\documents and settings\Port\Application Data\Paltalk
2009-09-07 17:54 . 2009-09-07 17:54 -------- d-----w- c:\program files\Trend Micro
2009-09-07 13:41 . 2009-09-07 13:41 -------- d-----w- c:\documents and settings\Port\Application Data\Malwarebytes
2009-09-07 13:41 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 13:41 . 2009-09-28 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 13:41 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 13:41 . 2009-09-07 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 06:46 . 2008-04-14 12:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-06 06:46 . 2008-04-14 12:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 19:34 . 2009-09-16 19:18 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-25 07:49 . 2009-09-16 19:18 2708 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-23 04:20 . 2009-07-09 20:52 -------- d-----w- c:\documents and settings\Port\Application Data\vlc
2009-09-23 01:34 . 2007-09-07 01:53 -------- d-----w- c:\program files\Steam
2009-09-18 04:43 . 2009-08-12 05:33 -------- d-----w- c:\program files\Free Video Converter
2009-09-16 20:02 . 2007-04-28 23:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-09-13 02:24 . 2007-09-04 06:26 -------- d-----w- c:\documents and settings\Port\Application Data\CoreFTP
2009-09-10 00:18 . 2007-09-17 07:08 -------- d-----w- c:\documents and settings\Port\Application Data\ZipGenius
2009-09-09 21:19 . 2007-09-03 03:48 515216 ----a-w- c:\documents and settings\Port\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 17:37 . 2008-08-13 21:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 14:20 . 2009-06-21 06:32 -------- d-----w- c:\program files\Yahoo!
2009-09-07 14:19 . 2008-11-27 23:20 -------- d-----w- c:\program files\U5Me Operator
2009-09-07 14:17 . 2009-07-10 02:18 -------- d-----w- c:\program files\Chat4Support Operator
2009-09-01 07:06 . 2009-08-02 06:29 -------- d-----w- c:\program files\Trillian
2009-08-28 02:28 . 2008-10-13 20:42 -------- d-----w- c:\documents and settings\Port\Application Data\n-Track Studio6
2009-08-26 01:09 . 2009-08-26 01:09 -------- d-----w- c:\documents and settings\Port\Application Data\n-Track Software Data
2009-08-26 01:08 . 2008-01-09 03:00 -------- d-----w- c:\program files\FASoft
2009-08-11 08:01 . 2009-08-11 08:01 -------- d-----w- c:\documents and settings\Port\Application Data\ImTOO Software Studio
2009-08-11 07:30 . 2009-08-11 07:30 -------- d-----w- c:\program files\ImTOO
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 06:53 . 2007-09-03 06:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 21:33 . 2009-08-05 15:57 25088 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-27 06:32 . 2009-07-27 06:32 127 ----a-w- c:\documents and settings\Port\Local Settings\Application Data\fusioncache.dat
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2008-01-19 02:22 . 2008-01-01 00:39 57344 ----a-w- c:\program files\Inner Sphere WarsUpdater.exe
2008-01-19 02:22 . 2007-12-27 04:31 28672 ----a-w- c:\program files\Inner Sphere Warsiswsp.exe
2007-12-27 04:31 . 2007-12-27 04:31 485535 ----a-w- c:\program files\Inner Sphere Warswsi12.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-09-10_03.46.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 09:52 . 2009-07-11 06:15 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-04-10 09:52 . 2009-09-11 20:50 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-28 19:50 . 2007-06-28 19:50 22457 c:\windows\system32\drivers\klop.dat
+ 2007-04-04 21:58 . 2007-04-04 21:58 24344 c:\windows\system32\drivers\klim5.sys
- 2008-03-07 12:38 . 2009-07-11 00:46 73728 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2008-03-07 12:38 . 2009-09-20 21:15 73728 c:\windows\Installer\{5783F2D7-6001-0409-0002-0060B0CE6BBA}\Acad162_icon.exe
+ 2007-06-28 19:51 . 2007-06-28 19:51 206088 c:\windows\system32\klogon.dll
+ 2007-06-28 00:31 . 2009-09-16 20:02 194320 c:\windows\system32\drivers\klif.sys
+ 2009-09-16 19:19 . 2009-09-16 19:19 2747392 c:\windows\Installer\33220.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-11-15 77824]
"DeltTray"="DeltTray.exe" - c:\windows\system32\delttray.exe [2002-12-07 56320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2008-01-22 254976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2007-9-3 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
backup=c:\windows\pss\MultiMon Taskbar.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\Port\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Port\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Woopra.lnk]
path=c:\documents and settings\Port\Start Menu\Programs\Startup\Woopra.lnk
backup=c:\windows\pss\Woopra.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Imapi Helper"=3 (0x3)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Gizmo Central"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DUPZ"=3 (0x3)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\dreamslaughter@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Games\\Mechwarrior Mercenaries\\MW4MERCS.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Steam\\steamapps\\flbdave@hotmail.com\\counter-strike\\hl.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Star Wars\\Stwars_Galactic_Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Dude\\dude.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 GizmoDrv;Gizmo Virtual Drive Device Driver;c:\windows\system32\drivers\gizmodrv.sys [1/21/2008 11:18 PM 16595]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [3/28/2009 7:08 PM 31896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
S3 AmbaAudio;Sony Camera Device;c:\windows\system32\drivers\AmbaAudio.sys [6/8/2009 6:20 PM 24320]
S3 AMBAWEBCAM;Sony Webcam;c:\windows\system32\drivers\AmbaWebcam.sys [6/8/2009 6:20 PM 33024]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);c:\windows\system32\drivers\fd_dbus.sys [9/3/2007 4:34 PM 51040]
S3 fd_dmdm;FutureDial USB-to-Serial Cable Drivers;c:\windows\system32\drivers\fd_dmdm.sys [9/3/2007 4:34 PM 73984]
S4 DUPZ;DUPZ;c:\docume~1\Port\LOCALS~1\Temp\DUPZ.exe --> c:\docume~1\Port\LOCALS~1\Temp\DUPZ.exe [?]
S4 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [1/21/2008 11:18 PM 25088]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\User_Feed_Synchronization-{256FF6A1-7C36-44AD-BE53-AA8373751A68}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
FF - ProfilePath - c:\documents and settings\Port\Application Data\Mozilla\Firefox\Profiles\h4rtaqhb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDimdimControl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitifffree.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-blogTV.com - c:\program files\blogTV.com
AddRemove-HijackThis - c:\documents and settings\Port\Desktop\HijackThis.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-28 12:48
ComboFix-quarantined-files.txt 2009-09-28 19:47
ComboFix2.txt 2009-09-10 03:48
ComboFix3.txt 2009-04-27 01:16

Pre-Run: 313,954,074,624 bytes free
Post-Run: 313,919,283,200 bytes free

Current=5 Default=5 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
248 --- E O F --- 2009-09-09 07:50


______________________________________________________________________

______________________________________________________________________


Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 5.1.2600 Service Pack 3

9/28/2009 1:09:58 PM
mbam-log-2009-09-28 (13-09-58).txt

Scan type: Quick Scan
Objects scanned: 100157
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

____________________________________________

Edited by sinsanity, 28 September 2009 - 03:17 PM.


#7 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:31 PM

Posted 28 September 2009 - 07:32 PM

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.
Please post back here with the following logs:
  • Kaspersky report
  • info.txt
  • log.txt
Thanks

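The Java steps above rely on the user spotting every leftover "Java Runtime Environment (JRE or J2SE)" entry in Add/Remove Programs, and the post itself notes that the JRE 6u16 uninstaller only removes Updates 10 and above. The following PowerShell script is an added example (not part of this thread and not a BleepingComputer or Sun/Oracle tool) that audits the same information from the Uninstall registry hive and reports which installed runtimes are older than a chosen target. The registry paths and the DisplayName/UninstallString values are standard Windows Installer locations; the target of "JRE 6 Update 16" and the display-name patterns it parses ("Java(TM) 6 Update 16", "J2SE Runtime Environment 5.0 Update 22") are assumptions taken from how those releases named themselves.

```powershell
# Added example: inventory installed Java runtimes and flag those older than
# a target update level. Read-only; it prints the UninstallString so the
# administrator can review and remove stale runtimes deliberately.

$TargetMajor  = 6    # assumption: JRE 6 ...
$TargetUpdate = 16   # ... Update 16, the version the post asks for

# Standard Uninstall hives (32-bit, plus WOW6432Node on 64-bit Windows).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJavaRuntimes {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match '^(Java\(TM\)|J2SE)' -and
            $_.DisplayName -notmatch 'Development Kit|Java DB'
        } |
        ForEach-Object {
            # Display names observed on these releases (assumed pattern):
            #   "Java(TM) 6 Update 16", "J2SE Runtime Environment 5.0 Update 22"
            $major = $null; $update = 0
            if ($_.DisplayName -match '(\d+)(?:\.0)?\s+Update\s+(\d+)') {
                $major = [int]$Matches[1]; $update = [int]$Matches[2]
            } elseif ($_.DisplayName -match '(\d+)\.0') {
                $major = [int]$Matches[1]        # base release, no update number
            }
            [pscustomobject]@{
                DisplayName     = $_.DisplayName
                Major           = $major
                Update          = $update
                UninstallString = $_.UninstallString
            }
        }
}

function Test-JavaOutdated {
    param($Major, $Update)
    if ($null -eq $Major)        { return $true }   # unparsable name: review manually
    if ($Major -lt $TargetMajor) { return $true }
    if ($Major -eq $TargetMajor -and $Update -lt $TargetUpdate) { return $true }
    return $false
}

$runtimes = @(Get-InstalledJavaRuntimes)
if ($runtimes.Count -eq 0) {
    Write-Host 'No Java runtimes found in the Uninstall hive.'
} else {
    foreach ($rt in $runtimes) {
        $state = if (Test-JavaOutdated -Major $rt.Major -Update $rt.Update) { 'OUTDATED' } else { 'current' }
        Write-Host ('{0,-9} {1}' -f $state, $rt.DisplayName)
        if ($state -eq 'OUTDATED') {
            Write-Host ('          uninstall: {0}' -f $rt.UninstallString)
        }
    }
}

# Which JRE the system actually launches (the JavaSoft key that java.exe in
# system32 resolves through); a current entry here does not mean old ones are gone.
$jre = Get-ItemProperty 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -ErrorAction SilentlyContinue
if ($jre) { Write-Host ('Active JRE per JavaSoft key: {0}' -f $jre.CurrentVersion) }
```

Run it from an elevated PowerShell prompt after the update; every line marked OUTDATED is a runtime that the Add/Remove Programs pass above still needs to take care of, and the final line confirms which version the browser plug-in and `java.exe` will actually use.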


#8 sinsanity

sinsanity
  • Topic Starter

  • Members
  • 12 posts

Posted 29 September 2009 - 04:09 PM

Hmmmmmm,

The Kaspersky Online Scanner keeps freezing up.

The first time after 2 hours 34% and the second time after 7 hours 81%.

I need to do a lot of work today.

I will try again tonight overnight.

Don't give up on me.

Edited by sinsanity, 29 September 2009 - 04:14 PM.


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 29 September 2009 - 04:24 PM

Please use this scanner instead, when you get a chance :(

Please run a BitDefender Online Scan

Note: Only works with Internet Explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.



#10 sinsanity

sinsanity
  • Topic Starter

  • Members
  • 12 posts

Posted 02 October 2009 - 03:34 PM

Hey Syler,

Thanks.

The BitDefender report was in HTML form, so I uploaded the file.

Following is the RSIT report:
_____________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by Port at 2009-10-02 13:27:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 307 GB (64%) free of 477 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:56 PM, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Port\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Port.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217504392796
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188809919796
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 5087 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{256FF6A1-7C36-44AD-BE53-AA8373751A68}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DeltTray"=C:\WINDOWS\system32\DeltTray.exe [2002-12-06 56320]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-12-15 482760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro]
C:\Program Files\Error Repair Professional\autostart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GizmoDriveDelegate]
C:\PROGRA~1\GIZMO\GDRIVE.DLL [2008-01-21 254976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
kmw_run.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
C:\Program Files\ThreatFire\TFTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem]
C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-09-18 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
C:\PROGRA~1\MMTASK~1\MultiMon.exe [2005-11-09 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Woopra.lnk]
C:\PROGRA~1\Woopra\Woopra.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"Ati HotKey Poller"=2
"Adobe LM Service"=3
"Imapi Helper"=3
"idsvc"=3
"ATI Smart"=2
"Gizmo Central"=2
"Autodesk Licensing Service"=3
"IDriverT"=3
"gusvc"=3
"DUPZ"=3
"AcrSch2Svc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\Steam\steamapps\dreamslaughter@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\dreamslaughter@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD"="C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD:*:Enabled:MechWarrior IV"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Steam\steamapps\flbdave@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\flbdave@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Star Wars\Stwars_Galactic_Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\Microsoft Games\Star Wars\Stwars_Galactic_Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Dude\dude.exe"="C:\Program Files\Dude\dude.exe:*:Enabled:dude"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-10-02 13:27:40 ----D---- C:\rsit
2009-09-29 17:29:05 ----D---- C:\WINDOWS\BDOSCAN8
2009-09-29 03:14:01 ----D---- C:\WINDOWS\Performance
2009-09-29 02:37:01 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\java.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-28 13:14:07 ----SHD---- C:\RECYCLER
2009-09-28 12:48:27 ----D---- C:\WINDOWS\temp
2009-09-28 12:48:25 ----A---- C:\ComboFix.txt
2009-09-17 20:38:59 ----D---- C:\Program Files\Dude
2009-09-16 12:18:57 ----D---- C:\Program Files\Kaspersky Lab
2009-09-16 12:18:57 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-09-16 12:11:25 ----D---- C:\KAV
2009-09-10 01:42:04 ----A---- C:\Fport.exe
2009-09-09 20:29:36 ----A---- C:\WINDOWS\PEV.exe
2009-09-09 00:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 00:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-07 19:29:38 ----D---- C:\Program Files\blogTV.com Plugin for AOL Instant Messenger
2009-09-07 19:14:36 ----D---- C:\Program Files\Marratech
2009-09-07 18:46:47 ----D---- C:\Program Files\Dimdim
2009-09-07 18:46:47 ----D---- C:\Documents and Settings\Port\Application Data\Dimdim
2009-09-07 18:21:10 ----D---- C:\Documents and Settings\Port\Application Data\Paltalk
2009-09-07 10:54:22 ----D---- C:\Program Files\Trend Micro
2009-09-07 06:41:34 ----D---- C:\Documents and Settings\Port\Application Data\Malwarebytes
2009-09-07 06:41:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-07 06:41:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-05 23:46:16 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

======List of files/folders modified in the last 1 months======

2009-10-02 13:27:39 ----D---- C:\WINDOWS\Prefetch
2009-10-02 13:26:45 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 01:56:34 ----D---- C:\Installs
2009-10-01 22:06:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-01 21:55:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-01 21:40:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-01 21:40:14 ----D---- C:\Documents and Settings
2009-10-01 15:29:11 ----D---- C:\WINDOWS
2009-10-01 15:14:26 ----N---- C:\WINDOWS\system.ini
2009-10-01 15:14:26 ----ASH---- C:\boot.ini
2009-10-01 15:14:26 ----A---- C:\WINDOWS\win.ini
2009-09-29 17:29:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-29 17:29:04 ----HD---- C:\WINDOWS\inf
2009-09-29 02:37:03 ----SHD---- C:\WINDOWS\Installer
2009-09-29 02:37:03 ----D---- C:\Config.Msi
2009-09-29 02:37:01 ----RD---- C:\Program Files
2009-09-28 18:25:15 ----D---- C:\WINDOWS\system32
2009-09-28 18:24:57 ----D---- C:\Program Files\Java
2009-09-28 18:15:21 ----D---- C:\Program Files\Common Files
2009-09-28 12:48:28 ----D---- C:\Qoobox
2009-09-28 12:38:49 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 12:38:49 ----D---- C:\WINDOWS\AppPatch
2009-09-28 12:33:31 ----SHD---- C:\System Volume Information
2009-09-28 12:33:31 ----D---- C:\WINDOWS\system32\Restore
2009-09-28 00:40:53 ----A---- C:\AILog.txt
2009-09-27 23:24:22 ----D---- C:\Minidump00
2009-09-22 21:20:57 ----D---- C:\Documents and Settings\Port\Application Data\vlc
2009-09-22 18:34:55 ----D---- C:\Program Files\Steam
2009-09-21 14:23:31 ----D---- C:\Folders
2009-09-17 21:43:01 ----D---- C:\Program Files\Free Video Converter
2009-09-17 16:06:42 ----D---- C:\Documents and Settings\Port\Application Data\Adobe
2009-09-12 19:24:56 ----D---- C:\Documents and Settings\Port\Application Data\CoreFTP
2009-09-09 20:46:45 ----D---- C:\WINDOWS\ERDNT
2009-09-09 17:18:12 ----D---- C:\Documents and Settings\Port\Application Data\ZipGenius
2009-09-09 10:37:27 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 00:48:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 00:48:36 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 00:48:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 07:20:31 ----D---- C:\Program Files\Yahoo!
2009-09-07 07:19:38 ----D---- C:\Program Files\U5Me Operator
2009-09-07 07:17:30 ----D---- C:\Program Files\Chat4Support Operator
2009-09-07 07:16:54 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 GizmoDrv;Gizmo Virtual Drive Device Driver; C:\WINDOWS\system32\drivers\GizmoDrv.sys [2008-03-07 16595]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-03 3230720]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\drivers\delta.sys [2003-11-26 280192]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBMN1X1;USB Midi 1x1; C:\WINDOWS\system32\drivers\usbmn1x1.sys [2008-09-14 22272]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
S3 AmbaAudio;Sony Camera Device; C:\WINDOWS\system32\drivers\AmbaAudio.sys [2008-09-24 24320]
S3 AMBAWEBCAM;Sony Webcam; C:\WINDOWS\system32\DRIVERS\AmbaWebcam.sys [2008-09-24 33024]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Port\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2009-03-28 31896]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\fd_dbus.sys [2004-08-03 51040]
S3 fd_dmdm;FutureDial USB-to-Serial Cable Drivers; C:\WINDOWS\system32\DRIVERS\fd_dmdm.sys [2004-08-03 73984]
S3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver; C:\WINDOWS\system32\DRIVERS\KMW_USB.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USB11LDR;USB Midi 1x1 Loader; C:\WINDOWS\system32\drivers\usb11ldr.sys [2008-09-14 13504]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe []
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-03 561152]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-04-07 85096]
S4 DUPZ;DUPZ; C:\DOCUME~1\Port\LOCALS~1\Temp\DUPZ.exe []
S4 Gizmo Central;Gizmo Central; C:\Program Files\Gizmo\gservice.exe [2008-01-21 25088]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 168432]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------

____________________________________________________________

info.txt logfile of random's system information tool 1.06 2009-10-02 13:28:00

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{10DF3D60-C70B-47E4-AAF2-8764BF494E71}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere 6.0-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL2.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Program Files\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x1000
ATI Decoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
audioTester22c-->"C:\Program Files\audioTester22c\uninstall.exe"
AutoCAD 2008 - English SP1-->Msiexec.exe /uninstall {1C500B62-B044-4216-8011-604640F4F925} /package {5783F2D7-6001-0409-0002-0060B0CE6BBA} /qb
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk 3ds Max 8 Additional Maps and Materials-->MsiExec.exe /I{59D070F5-CCE6-418B-84A3-CCA63D75ED8A}
Autodesk 3ds Max 8 Architectural Materials-->MsiExec.exe /I{28FDF917-8750-4A54-9E05-D7798E699B47}
Autodesk 3ds Max 8 Reference Files-->MsiExec.exe /I{73C935A7-36C6-48B5-A32E-FD5BD96FD25C}
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
blogTV.com Plugin 3.2-->C:\Program Files\blogTV.com Plugin for AOL Instant Messenger\uninst.exe
BOINC-->MsiExec.exe /I{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP800-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34}\DelDrv.exe" /U:{04F9B09E-CDB5-46fc-AC30-2E7E7C7A8A34} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Core FTP LE 1.3c-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
deskUNPDF 2-->"C:\Program Files\Docudesk\deskUNPDF\unins000.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick 1.3.0.6-->"C:\Program Files\DVD Flick\unins000.exe"
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Video Converter V 2.1-->"C:\Program Files\Free Video Converter\unins000.exe"
FutureDial USB Modem Driver Set-->C:\Program Files\FutureDial\FutureDial USB Modem\FD_DUninstall.exe
Genetica Viewer 2.5-->MsiExec.exe /X{FA0BA6CD-4C7A-44CA-9028-E8055FD650A5}
Gizmo Central-->"C:\Program Files\Gizmo\gdirector.exe" /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
ImTOO MPEG Encoder Standard-->C:\Program Files\ImTOO\MPEG Encoder Standard\Uninstall.exe
Inner Sphere Wars-->MsiExec.exe /I{B8F4D488-2BD1-41C5-9872-2E401CA1F833}
interneTIFF 7.0-FREE (IE Browser)-->C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Innomage\interneTIFFX\Uninst.isu" -c"C:\Program Files\Innomage\interneTIFFX\U_ITIFFFREEX.dll"
interneTIFF 7.1-FREE (Netscape Browser)-->C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Innomage\interneTIFFN\Uninst.isu" -c"C:\Program Files\Innomage\interneTIFFN\U_ITIFFPRON.dll"
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mech Warrior Mercenaries Co-Op-->C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\Uninstal.exe
MechWarrior 4 Mercenaries-->"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
MechWarrior Black Knight-->"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\mw4\UNINSTALX.EXE" /runtemp /addremove
MechWarrior Vengeance-->"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\mw4\MWUNINSTAL.EXE" /runtemp /addremove
MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Midisport 1x1 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio Midisport 1x1\irunin.ini"
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiMon TaskBar 2.1-->"C:\Program Files\MMTaskbar\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
n-Track Studio 6-->MsiExec.exe /I{BD7D5903-CACF-4974-979F-B2523B75E544}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Reason-->MsiExec.exe /X{AB9FC2F9-7FC7-11D7-9D82-00065BABCB42}
RzE's CS Helper-->"c:\program files\steam\steamapps\dreamslaughter@hotmail.com\counter-strike\cstrike\uninst-rzes_cs_helper.exe"
Sam Spade version 1.14-->"C:\Program Files\Blighty Design\unins000.exe"
Screencaster Plug-in for FF-->MsiExec.exe /I{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SnapSync DLLUpgrade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{635373F8-D747-4288-9EEA-02E542479630}\setup.exe" -l0x9 anything
SnapSync Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA458DF3-F5DD-46B5-BDEA-E7D2B8151183}\Setup.exe" -l0x9
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Sony MHS Camera Driver-->C:\PROGRA~1\SONYDI~1\UNWISE.EXE C:\PROGRA~1\SONYDI~1\INSTALL.LOG
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Dude-->"C:\Program Files\Dude\uninstall.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072)-->"C:\WINDOWS\$NtUninstallKB951072$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
xplorer² lite-->"C:\Program Files\zabkat\xplorer2_lite\Uninstall.exe"
ZipGenius 6 (6.0.2.1030A)-->"C:\Program Files\ZipGenius 6\unins000.exe"

=====HijackThis Backups=====

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) [2009-09-07]
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [2009-09-07]
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [2009-09-07]

======Security center information======

AV: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: BASE
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 59481
Source Name: Disk
Time Written: 20090930034845.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 59480
Source Name: Disk
Time Written: 20090930034845.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 59479
Source Name: Disk
Time Written: 20090930034845.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 59478
Source Name: Disk
Time Written: 20090930034845.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk0\D.

Record Number: 59477
Source Name: Disk
Time Written: 20090930034845.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: BASE
Event Code: 1517
Message: Windows saved user BASE\Port registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8747
Source Name: Userenv
Time Written: 20090423165557.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BASE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 8434
Source Name: crypt32
Time Written: 20090404114500.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 8433
Source Name: crypt32
Time Written: 20090404114500.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 8432
Source Name: crypt32
Time Written: 20090404114500.000000-420
Event Type: error
User:

Computer Name: BASE
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 8431
Source Name: crypt32
Time Written: 20090404114500.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ZipGenius 6;C:\Program Files\Autodesk\backburner;C:\Program Files\Support Tools;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by sinsanity, 02 October 2009 - 04:03 PM.


#11 syler

  • Malware Response Team

Posted 02 October 2009 - 04:50 PM

Hi sinsanity,

Your logs look fine to me, just a few bits that we can clean up. Let me know if you are having any more problems in your next reply.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Next

You have an outdated version of Adobe Reader; these have vulnerabilities that can be exploited by malware to get into your machine. Please follow these steps to remove older versions of Adobe Reader and download the latest version.

Go to Start >> Settings >> Control Panel, double-click on Add/Remove Programs and remove any older versions of Adobe Reader.
  • Download the latest version of Adobe Acrobat Reader
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code into the OTM paste box. Do not include the word "Code".
    :Services
    DUPZ
    catchme
    Viewpoint Manager Service
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Nikon Monitor.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Woopra.lnk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    :Files
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post back here with the following logs:
  • OTM results
  • New Rsit log
Thanks



#12 sinsanity

  • Topic Starter

Posted 02 October 2009 - 06:42 PM

All processes killed
========== SERVICES/DRIVERS ==========

Service\Driver DUPZ deleted successfully.

Service\Driver catchme deleted successfully.

Service\Driver Viewpoint Manager Service deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMem\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Nikon Monitor.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Port^Start Menu^Programs^Startup^Woopra.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk not found.
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 34 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3254160 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Port
File delete failed. C:\Documents and Settings\Port\Local Settings\Temp\Perflib_Perfdata_bcc.dat scheduled to be deleted on reboot.
->Temp folder emptied: 86994657 bytes
File delete failed. C:\Documents and Settings\Port\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 13245273 bytes
->Java cache emptied: 48185593 bytes
->FireFox cache emptied: 50638303 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 8609994 bytes
%systemroot%\System32 .tmp files removed: 3781649 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 204.84 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10022009_163251

Files moved on Reboot...
File C:\Documents and Settings\Port\Local Settings\Temp\Perflib_Perfdata_bcc.dat not found!

Registry entries deleted on Reboot...



_________________________________________________




Logfile of random's system information tool 1.06 (written by random/random)
Run by Port at 2009-10-02 16:41:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 307 GB (64%) free of 477 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:00 PM, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Port\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Port.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217504392796
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188809919796
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 5179 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{256FF6A1-7C36-44AD-BE53-AA8373751A68}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"DeltTray"=C:\WINDOWS\system32\DeltTray.exe [2002-12-06 56320]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-12-15 482760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GizmoDriveDelegate]
C:\PROGRA~1\GIZMO\GDRIVE.DLL [2008-01-21 254976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
C:\PROGRA~1\MMTASK~1\MultiMon.exe [2005-11-09 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"Ati HotKey Poller"=2
"Adobe LM Service"=3
"Imapi Helper"=3
"idsvc"=3
"ATI Smart"=2
"Gizmo Central"=2
"Autodesk Licensing Service"=3
"IDriverT"=3
"gusvc"=3
"DUPZ"=3
"AcrSch2Svc"=2

C:\Documents and Settings\Port\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\Steam\steamapps\dreamslaughter@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\dreamslaughter@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD"="C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\MW4MERCS.ICD:*:Enabled:MechWarrior IV"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe"="C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Steam\steamapps\flbdave@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\flbdave@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Star Wars\Stwars_Galactic_Battlegrounds\Game\Battlegrounds.exe"="C:\Program Files\Microsoft Games\Star Wars\Stwars_Galactic_Battlegrounds\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Dude\dude.exe"="C:\Program Files\Dude\dude.exe:*:Enabled:dude"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-10-02 16:32:51 ----D---- C:\_OTM
2009-10-02 16:29:25 ----D---- C:\Program Files\ERUNT
2009-10-02 16:19:45 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-02 13:27:40 ----D---- C:\rsit
2009-09-29 17:29:05 ----D---- C:\WINDOWS\BDOSCAN8
2009-09-29 03:14:01 ----D---- C:\WINDOWS\Performance
2009-09-29 02:37:01 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\java.exe
2009-09-28 18:25:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-28 13:14:07 ----SHD---- C:\RECYCLER
2009-09-28 12:48:27 ----D---- C:\WINDOWS\temp
2009-09-28 12:48:25 ----A---- C:\ComboFix.txt
2009-09-17 20:38:59 ----D---- C:\Program Files\Dude
2009-09-16 12:18:57 ----D---- C:\Program Files\Kaspersky Lab
2009-09-16 12:18:57 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-09-16 12:11:25 ----D---- C:\KAV
2009-09-10 01:42:04 ----A---- C:\Fport.exe
2009-09-09 20:29:36 ----A---- C:\WINDOWS\PEV.exe
2009-09-09 00:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 00:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-07 19:29:38 ----D---- C:\Program Files\blogTV.com Plugin for AOL Instant Messenger
2009-09-07 19:14:36 ----D---- C:\Program Files\Marratech
2009-09-07 18:46:47 ----D---- C:\Program Files\Dimdim
2009-09-07 18:46:47 ----D---- C:\Documents and Settings\Port\Application Data\Dimdim
2009-09-07 18:21:10 ----D---- C:\Documents and Settings\Port\Application Data\Paltalk
2009-09-07 10:54:22 ----D---- C:\Program Files\Trend Micro
2009-09-07 06:41:34 ----D---- C:\Documents and Settings\Port\Application Data\Malwarebytes
2009-09-07 06:41:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-07 06:41:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-05 23:46:16 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

======List of files/folders modified in the last 1 months======

2009-10-02 16:40:34 ----D---- C:\Program Files\Mozilla Firefox
2009-10-02 16:39:38 ----D---- C:\WINDOWS\system32\drivers
2009-10-02 16:37:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-02 16:37:39 ----D---- C:\WINDOWS\ERDNT
2009-10-02 16:36:57 ----RD---- C:\Program Files
2009-10-02 16:35:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-02 16:35:10 ----D---- C:\WINDOWS\system32
2009-10-02 16:35:09 ----D---- C:\WINDOWS
2009-10-02 16:26:49 ----D---- C:\Installs
2009-10-02 16:26:13 ----SHD---- C:\WINDOWS\Installer
2009-10-02 16:26:13 ----D---- C:\Config.Msi
2009-10-02 16:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-02 16:25:02 ----D---- C:\Program Files\Adobe
2009-10-02 16:15:26 ----D---- C:\WINDOWS\Prefetch
2009-10-01 21:40:30 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-01 21:40:14 ----D---- C:\Documents and Settings
2009-10-01 15:14:26 ----N---- C:\WINDOWS\system.ini
2009-10-01 15:14:26 ----ASH---- C:\boot.ini
2009-10-01 15:14:26 ----A---- C:\WINDOWS\win.ini
2009-09-29 17:29:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-29 17:29:04 ----HD---- C:\WINDOWS\inf
2009-09-28 18:24:57 ----D---- C:\Program Files\Java
2009-09-28 18:15:21 ----D---- C:\Program Files\Common Files
2009-09-28 12:48:28 ----D---- C:\Qoobox
2009-09-28 12:38:49 ----D---- C:\WINDOWS\AppPatch
2009-09-28 12:33:31 ----SHD---- C:\System Volume Information
2009-09-28 12:33:31 ----D---- C:\WINDOWS\system32\Restore
2009-09-28 00:40:53 ----A---- C:\AILog.txt
2009-09-27 23:24:22 ----D---- C:\Minidump00
2009-09-22 21:20:57 ----D---- C:\Documents and Settings\Port\Application Data\vlc
2009-09-22 18:34:55 ----D---- C:\Program Files\Steam
2009-09-21 14:23:31 ----D---- C:\Folders
2009-09-17 21:43:01 ----D---- C:\Program Files\Free Video Converter
2009-09-17 16:06:42 ----D---- C:\Documents and Settings\Port\Application Data\Adobe
2009-09-12 19:24:56 ----D---- C:\Documents and Settings\Port\Application Data\CoreFTP
2009-09-09 17:18:12 ----D---- C:\Documents and Settings\Port\Application Data\ZipGenius
2009-09-09 10:37:27 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 00:48:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 00:48:36 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 00:48:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 07:20:31 ----D---- C:\Program Files\Yahoo!
2009-09-07 07:19:38 ----D---- C:\Program Files\U5Me Operator
2009-09-07 07:17:30 ----D---- C:\Program Files\Chat4Support Operator
2009-09-07 07:16:54 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 GizmoDrv;Gizmo Virtual Drive Device Driver; C:\WINDOWS\system32\drivers\GizmoDrv.sys [2008-03-07 16595]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-03 3230720]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\drivers\delta.sys [2003-11-26 280192]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBMN1X1;USB Midi 1x1; C:\WINDOWS\system32\drivers\usbmn1x1.sys [2008-09-14 22272]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
S3 AmbaAudio;Sony Camera Device; C:\WINDOWS\system32\drivers\AmbaAudio.sys [2008-09-24 24320]
S3 AMBAWEBCAM;Sony Webcam; C:\WINDOWS\system32\DRIVERS\AmbaWebcam.sys [2008-09-24 33024]
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2009-03-28 31896]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\fd_dbus.sys [2004-08-03 51040]
S3 fd_dmdm;FutureDial USB-to-Serial Cable Drivers; C:\WINDOWS\system32\DRIVERS\fd_dmdm.sys [2004-08-03 73984]
S3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver; C:\WINDOWS\system32\DRIVERS\KMW_USB.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USB11LDR;USB Midi 1x1 Loader; C:\WINDOWS\system32\drivers\usb11ldr.sys [2008-09-14 13504]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe []
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-03 561152]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-04-07 85096]
S4 Gizmo Central;Gizmo Central; C:\Program Files\Gizmo\gservice.exe [2008-01-21 25088]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 168432]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

-----------------EOF-----------------



Thanks

Edited by sinsanity, 02 October 2009 - 06:49 PM.


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:31 PM

Posted 02 October 2009 - 07:30 PM

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :(

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants. Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo. Note: Only install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources and may even speed up the loading of web pages. You can download it and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :(
Syler



#14 sinsanity

sinsanity
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:31 AM

Posted 02 October 2009 - 09:15 PM

Thanks Syler,

The constant hard drive access is still happening.

My hard drive is accessed over and over again.

Is there anything we can do to stop it?

This only started happening a few weeks ago and I can't get rid of it.

If I watch what's happening using Sysinternals Process Monitor, here's what happens about 4 or 5 times every second.


_______________________________________________________



System 4 SUCCESS Thread ID: 2496 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2496 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2928 108 Process System NT AUTHORITY\SYSTEM

explorer.exe 1608 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS Desired Access: Read 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252623254 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1252626854 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33}\DhcpServer SUCCESS Type: REG_SZ, Length: 24, Data: 192.168.0.1 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C05FD31-C6C0-4295-8994-0544470B4E33} SUCCESS 4020 Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind BUFFER OVERFLOW Length: 144 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

explorer.exe 1608 HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 226, Data: \Device\{F2AB8DFA-84C5-4D8B-985F-E56CFCCD02F5}, \Device\{2C05FD31-C6C0-4295-8994-0544470B4E33}, \Device\NdisWanIp 4020 Read Registry C:\WINDOWS\explorer.exe BASE\Port C:\WINDOWS\explorer.exe

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2928 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2868 108 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS User Time: 0.0000000, Kernel Time: 0.0000000 2868 Process System NT AUTHORITY\SYSTEM

System 4 SUCCESS Thread ID: 2960 108 Process System NT AUTHORITY\SYSTEM

Edited by sinsanity, 02 October 2009 - 09:16 PM.
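
As an added example that is not part of the thread, the following Python script parses a Process Monitor CSV export (the default "Save as CSV" columns are assumed) and ranks the (process, operation, path) triples by how often they recur per second, turning an event list like the one above into a number; it also keeps the per-result breakdown so that a BUFFER OVERFLOW result is read as the normal probe-and-retry it is. The sample rows are constructed to mirror the explorer.exe and System events quoted above, with made-up timestamps.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample data modelled on the explorer.exe / System events quoted
# in the post; the timestamps and event counts are made up for the demonstration.
GUID = "{2C05FD31-C6C0-4295-8994-0544470B4E33}"
IFACE = r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" + "\\" + GUID
BIND = r"HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind"
# Default column set of Procmon's "Save as CSV" (an assumption; adjust if you added columns).
COLUMNS = ["Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"]

def _sample_rows():
    """Eight polling cycles 250 ms apart, then one unrelated event at 9:15:03."""
    rows = []
    for cycle in range(8):
        t = 1.0 + cycle * 0.25  # seconds past 9:15:00 PM
        rows += [
            (t + 0.000, "System", "4", "Thread Create", "", "SUCCESS", "Thread ID: 2496"),
            (t + 0.002, "explorer.exe", "1608", "RegOpenKey", IFACE, "SUCCESS", "Desired Access: Read"),
            (t + 0.003, "explorer.exe", "1608", "RegQueryValue", IFACE + r"\DhcpServer", "SUCCESS",
             "Type: REG_SZ, Length: 24, Data: 192.168.0.1"),
            (t + 0.004, "explorer.exe", "1608", "RegQueryValue", BIND, "BUFFER OVERFLOW", "Length: 144"),
            (t + 0.005, "explorer.exe", "1608", "RegQueryValue", BIND, "SUCCESS", "Type: REG_MULTI_SZ, Length: 226"),
            (t + 0.006, "explorer.exe", "1608", "RegCloseKey", IFACE, "SUCCESS", ""),
        ]
    rows.append((3.0, "explorer.exe", "1608", "RegOpenKey",
                 r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "SUCCESS", "Desired Access: Read"))
    return rows

def procmon_time(seconds):
    """Render seconds past 9:15:00 PM as Procmon's 'H:MM:SS.fffffff AM/PM'."""
    whole = int(seconds)
    frac = int(round((seconds - whole) * 1e7))
    return f"9:15:{whole:02d}.{frac:07d} PM"

def build_sample_csv():
    """Write the constructed rows in the same CSV shape Procmon exports."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(COLUMNS)
    for t, *rest in _sample_rows():
        writer.writerow([procmon_time(t), *rest])
    return out.getvalue()

def seconds_of_day(tod):
    """Parse 'H:MM:SS.fffffff AM/PM' to seconds; the 7-digit fraction rules out strptime's %f."""
    clock, meridiem = tod.rsplit(" ", 1)
    hms, _, frac = clock.partition(".")
    h, m, s = (int(x) for x in hms.split(":"))
    if meridiem.upper() == "PM" and h != 12:
        h += 12
    elif meridiem.upper() == "AM" and h == 12:
        h = 0
    return h * 3600 + m * 60 + s + (float("0." + frac) if frac else 0.0)

def hot_spots(csv_text, min_per_second=2.0):
    """Return (process, operation, path) triples recurring at or above the rate, hottest first.
    Per-result counts are kept on purpose: Procmon's BUFFER OVERFLOW means the caller probed a
    registry value with a too-small buffer and retried with the right size, a normal API pattern
    and not memory corruption."""
    counts, results = Counter(), defaultdict(Counter)
    first = last = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        t = seconds_of_day(row["Time of Day"])
        first = t if first is None else min(first, t)
        last = t if last is None else max(last, t)
        key = (row["Process Name"], row["Operation"], row["Path"])
        counts[key] += 1
        results[key][row["Result"]] += 1
    span = max((last or 0.0) - (first or 0.0), 1e-3)  # guard a one-event capture
    report = []
    for key, n in counts.most_common():
        if n / span >= min_per_second:
            report.append({"process": key[0], "operation": key[1], "path": key[2],
                           "count": n, "per_second": n / span, "results": dict(results[key])})
    return report
```

Call hot_spots(build_sample_csv()) to see the ranking on the constructed data, or pass the text of your own Procmon CSV export; anything that recurs several times a second is the loop to investigate.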


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:31 PM

Posted 03 October 2009 - 07:52 AM

I don't see any problem. I'm not sure what you are suggesting is wrong here, but I don't think there are any malware issues, so you would be best posting in another forum if you want to pursue this.
