100% CPU usage, yet System Idle is 99% (Solved)



Linus12
2008-12-07, 04:39
After working with your expert here on my daughter's computer, I now find I am having problems with mine!

The symptom is that Windows Task Manager and System Explorer (by Mister Group 2008) both show overall CPU usage between 88% and 100%, and the number one process is System Idle, using between 78% and 99% of the CPU.

Prior to this, when System Idle was that high, I would see CPU usage of 5 to 30%.

An additional symptom is that access through Firefox is very, very slow.

What I have recently done:

Due to some "too quick" disconnects of memory cards and USB drives, I lost access to one of my USB memory card readers. Then I continually received a BSOD on boot indicating No_More_IRP_Stack_Locations. This occurred even on safe boots.

Eventually I used the 'Repair' option of the XP SP-2 Install boot disk to get the system to boot to windows.

Then, however, every boot and every access of any kind of file caused Roxio DVD-Creator 7.1 to attempt to install (which it couldn't, because of some missing file). This software was originally included in my install but was deleted (I thought) over three years ago, though the "Repair" may have put it back in (???).

I was only able to stop that madness by doing some registry hacks to delete the offending entries for ROXIO (the "Remove Roxio" program is no longer available, even though I know it worked with this version of DVD-Creator).

I know I may have screwed things up there, but at the same time I may have inadvertently installed a virus not being caught by AVG. (As it was taking so long to scan, I reinstalled it.)

Any help would be appreciated as the symptoms point to a virus/trojan, but nothing I have can pinpoint it.

Thanks,

Dave

katana
2008-12-10, 20:50
Hi Linus :)

Let's have a look at what we can see.

Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
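Once the RSIT output is posted, the HijackThis section of log.txt is read line by line for items a reviewer wants to look at first. The script below is an added example of that first-pass triage; it is not part of this thread and not code from RSIT or HijackThis. The sample lines are constructed, modelled on the line formats that appear in RSIT/HijackThis logs, and the four review heuristics (dangling "(file missing)" references, any O20 AppInit_DLLs value, O16 DPF controls downloaded from hosts outside microsoft.com, and O4 Run values that name a bare file without a directory) are my own reviewer checks, not verdicts about any entry.

```python
"""First-pass triage of HijackThis-style lines from an RSIT log.txt.

Added example; not from the forum thread, RSIT or HijackThis.
The heuristics only mark entries for a human reviewer to look at.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on RSIT/HijackThis line formats.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUS Probe] D:\Program Files\ASUS\ProbeV2.64.03\AsusProb.exe
O4 - HKCU\..\Run: [SystemExplorer] "D:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190312090937
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O4 - <body>"
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
MS_DOMAINS = ("microsoft.com", "windowsupdate.com")      # hosts treated as first-party for O16


def image_from_command(cmd):
    """Pull the executable out of a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                               # quoted path, possibly with arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)^(.*?\.(?:exe|dll|scr|com))\b", cmd)  # unquoted path up to the image name
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_entry(line):
    """Return {'code', 'body', 'name', 'target', 'missing'} for one HijackThis line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "body": body, "name": None, "target": None,
             "missing": body.endswith("(file missing)")}
    if code == "O4":
        m4 = O4_RE.match(body)
        if m4:                                            # registry Run value
            entry["name"] = m4.group("name")
            entry["target"] = image_from_command(m4.group("cmd"))
        elif " = " in body:                               # Startup-folder shortcut
            entry["name"], entry["target"] = (s.strip() for s in body.split(" = ", 1))
    elif code == "O20":                                   # "AppInit_DLLs: <dll list>"
        entry["name"], _, rest = body.partition(":")
        entry["target"] = rest.strip()
    elif " - " in body:                                   # "<description> - {CLSID} - <path or URL>"
        head, tail = body.rsplit(" - ", 1)
        entry["name"] = head
        entry["target"] = tail.replace("(file missing)", "").strip()
    return entry


def is_bare_name(target):
    """True when a Run value names a file with no directory, i.e. resolved via the search path."""
    return bool(target) and not re.match(r"^(?:[A-Za-z]:\\|\\\\|%)", target)


def triage(log_text):
    """Group entries that a reviewer should look at first; nothing here is a verdict."""
    findings = {"file_missing": [], "appinit_dlls": [], "dpf_third_party": [], "run_bare_name": []}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["missing"]:                                  # dangling reference left behind by an uninstall
            findings["file_missing"].append(e["target"])
        if e["code"] == "O20" and e["target"]:            # a DLL loaded into every user32 process
            findings["appinit_dlls"].append(e["target"])
        if e["code"] == "O16":                            # ActiveX control downloaded from this host
            host = urlparse(e["target"]).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in MS_DOMAINS):
                findings["dpf_third_party"].append(host)
        if e["code"] == "O4" and is_bare_name(e["target"]):
            findings["run_bare_name"].append(e["name"])   # which file actually runs depends on PATH
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Each category is a list of items to read in the full log rather than a finding on its own: a Run value with a bare file name is normal for many vendor utilities, and a "(file missing)" entry is most often leftover from an uninstall; the point is to order what gets checked first.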

Linus12
2008-12-15, 21:06
Sorry for the delay, Katana. The electricity here was out for a bit and I got pulled into some other projects.

The good news is that I was able to find an old copy of the Roxio remover and that seems to have fixed the immediate CPU issue. Of course I don't know what else is lurking here, so I'll go ahead and post the results.

FYI: When running RSIT I received two warnings about issues with missing registry values.

The text is too long for one post, so I will post info.txt in the next post.

Thanks again for all your help.

Contents of log.txt
=======================================
Logfile of random's system information tool 1.04 (written by random/random)
Run by VoodooDaddy at 2008-12-15 11:02:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 140 GB (92%) free of 153 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:11 AM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\umonit.exe
D:\Program Files\WinPortrait\wpctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
d:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\System Explorer\SystemExplorer.exe
d:\Program Files\WinPortrait\floater.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\NetPerSec\NetPerSec.exe
C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\LVComsX.exe
D:\Program Files\ASUS\ProbeV2.64.03\AsusProb.exe
F:\Program Files\BOINC\boincmgr.exe
F:\Program Files\BOINC\boinc.exe
D:\Program Files\TrueCrypt\TrueCrypt.exe
D:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Mozilla Firefox3\firefox.exe
d:\Program Files\IDA5.5\ida.exe
C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\VoodooDaddy.VOODOOJR\Desktop\RSIT.exe
D:\Program Files\trend micro\VoodooDaddy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.logitech.com/cf/support/itouchfiles.cfm?L=1033&V=K.2.22.0&D=K.50443_31&P=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - d:\PROGRA~1\IDA5.5\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [PivotSoftware] "d:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ASUS Probe] D:\Program Files\ASUS\ProbeV2.64.03\AsusProb.exe
O4 - HKCU\..\Run: [SystemExplorer] "D:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - Startup: 01 taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: 02 NetPerSec.lnk = D:\Program Files\NetPerSec\NetPerSec.exe
O4 - Startup: NetPerSec.lnk = D:\Program Files\NetPerSec\NetPerSec.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: Download ALL with IDA - d:\Program Files\IDA5.5\idaieall.htm
O8 - Extra context menu item: Download with IDA - d:\Program Files\IDA5.5\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - d:\Program Files\IDA5.5\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - d:\Program Files\IDA5.5\ida.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190312090937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173069687558
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6628 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files\Common\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}]
IE 4.x-6.x BHO for Internet Download Accelerator - d:\PROGRA~1\IDA5.5\idaiehlp.dll [2008-02-14 152576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - D:\Program Files\Real\rpbrowserrecordplugin.dll [2008-04-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - d:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UMonit"=C:\WINDOWS\system32\umonit.exe [2003-11-27 53248]
"PivotSoftware"=d:\Program Files\WinPortrait\wpctrl.exe [2004-01-04 692120]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-09 158208]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"ASUS Probe"=D:\Program Files\ASUS\ProbeV2.64.03\AsusProb.exe [2002-12-06 617984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorer"=D:\Program Files\System Explorer\SystemExplorer.exe [2008-08-25 1833472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
D:\Program Files\Common\Adobe\Updater5\AdobeUpdater.exe [2008-11-10 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
d:\Program Files\Common\Symantec Shared\ccApp.exe [2004-12-13 58992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
d:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2003-10-06 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
d:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2007-09-07 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
D:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
D:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
D:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
d:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
d:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-06-12 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
d:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
d:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
d:\Program Files\Common\Real\Update_OB\realsched.exe [2008-04-17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
d:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch.exe [2004-03-18 892928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"WebClient"=2
"W32Time"=2
"usnsvc"=3
"UPS"=3
"Symantec Core LC"=2
"Stuffit Archive Name Service"=2
"stisvc"=2
"SQLAgent$MICROSOFTSMLBIZ"=3
"seclogon"=2
"SCardSvr"=3
"RemoteRegistry"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"Norton Ghost"=2
"MSSQLServerADHelper"=3
"mnmsrvc"=3
"iPod Service"=3
"FastUserSwitchingCompatibility"=3
"Creative Service for CDROM Access"=2
"ccSetMgr"=2
"ccPwdSvc"=3
"ccEvtMgr"=2
"Apple Mobile Device"=2
"Alerter"=2
"aawservice"=2
"ndassvc"=2
"GEARSecurity"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SATARAID5.lnk - D:\Program Files\Silicon Image\3114 SATARAID5\sam.jar

C:\Documents and Settings\VoodooDaddy.VOODOOJR\Start Menu\Programs\Startup
01 taskmgr.lnk - C:\WINDOWS\system32\taskmgr.exe
02 NetPerSec.lnk - D:\Program Files\NetPerSec\NetPerSec.exe
NetPerSec.lnk - D:\Program Files\NetPerSec\NetPerSec.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=D:\Program Files\Eudora\EuShlExt.dll [2003-03-31 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=FFFFFF03
"NoDrives"=02000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\Program Files\Grisoft\AVG Free\avginet.exe"="D:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"D:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="D:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\Program Files\Grisoft\AVG Free\avgcc.exe"="D:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"D:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="D:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"D:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="D:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\MSN Messenger\msnmsgr.exe"="D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-15 11:02:42 ----D---- D:\Program Files\trend micro
2008-12-15 11:02:38 ----D---- C:\rsit
2008-12-06 17:36:48 ----D---- D:\Program Files\Windows Installer Clean Up
2008-12-06 17:22:52 ----D---- D:\Program Files\CCleaner
2008-12-04 17:16:25 ----D---- D:\Program Files\7-Zip
2008-12-02 13:47:17 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-02 12:25:19 ----D---- C:\WINDOWS\Prefetch
2008-12-02 11:42:59 ----D---- C:\Program Files\Common Files\Adobe
2008-12-02 09:53:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-02 09:52:33 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-02 09:52:11 ----D---- C:\Program Files\Common Files\Services
2008-12-02 09:52:08 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-02 09:51:47 ----D---- C:\Program Files\Common Files\System
2008-12-02 09:42:38 ----A---- C:\WINDOWS\pnplog.txt
2008-12-02 09:36:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-02 09:36:03 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-02 09:35:52 ----RA---- C:\WINDOWS\SET70.tmp
2008-12-02 09:35:50 ----RA---- C:\WINDOWS\SET64.tmp
2008-12-02 09:35:48 ----RA---- C:\WINDOWS\SET61.tmp
2008-12-02 08:53:50 ----D---- C:\Program Files\Common Files\ODBC
2008-12-02 08:53:46 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-02 08:53:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-02 08:53:27 ----RA---- C:\WINDOWS\SETE3.tmp
2008-12-02 08:53:24 ----RA---- C:\WINDOWS\SETD7.tmp
2008-12-02 08:53:22 ----RA---- C:\WINDOWS\SETD4.tmp

======List of files/folders modified in the last 1 months======

2008-12-15 11:03:11 ----D---- C:\WINDOWS\Temp
2008-12-15 09:18:55 ----D---- D:\Program Files\Mozilla Firefox3
2008-12-15 01:13:52 ----A---- C:\WINDOWS\lviewpro.ini
2008-12-11 10:24:35 ----D---- C:\WINDOWS
2008-12-09 14:16:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 23:49:18 ----D---- D:\Program Files\FolderSizes
2008-12-08 10:57:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-08 10:53:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 10:14:05 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 10:14:05 ----D---- C:\WINDOWS\system32
2008-12-06 17:36:51 ----SHD---- C:\WINDOWS\Installer
2008-12-06 17:36:51 ----D---- C:\Config.Msi
2008-12-06 17:35:36 ----D---- D:\Program Files\MSECache
2008-12-05 21:17:24 ----D---- D:\Program Files\Spybot - Search & Destroy
2008-12-05 21:03:08 ----D---- D:\Program Files\System Explorer
2008-12-05 20:57:16 ----D---- D:\Program Files\Mozilla Firefox
2008-12-04 14:16:02 ----D---- C:\Documents and Settings\VoodooDaddy.VOODOOJR\Application Data\Mozilla
2008-12-04 13:21:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:12:22 ----D---- D:\Program Files\Common
2008-12-03 00:22:50 ----N---- C:\WINDOWS\system.ini
2008-12-03 00:00:49 ----N---- C:\WINDOWS\win.ini
2008-12-03 00:00:49 ----ASH---- C:\boot.ini
2008-12-02 23:46:17 ----D---- D:\Program Files\RecordNow MAX
2008-12-02 13:49:38 ----D---- D:\Program Files\Panda Security
2008-12-02 13:48:04 ----HD---- D:\Program Files\InstallShield Installation Information
2008-12-02 13:48:02 ----D---- D:\Program Files\PowerQuest
2008-12-02 12:31:08 ----SHD---- C:\System Volume Information
2008-12-02 12:29:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-02 11:35:00 ----D---- C:\WINDOWS\system32\Restore
2008-12-02 10:32:49 ----D---- C:\WINDOWS\security
2008-12-02 10:32:39 ----D---- C:\WINDOWS\pss
2008-12-02 10:19:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 10:19:27 ----RSD---- C:\WINDOWS\Fonts
2008-12-02 10:09:52 ----A---- C:\WINDOWS\system32\wpfb_nv4_disp.dll
2008-12-02 10:03:23 ----D---- C:\WINDOWS\Registration
2008-12-02 10:03:22 ----HD---- C:\WINDOWS\inf
2008-12-02 10:03:15 ----A---- C:\WINDOWS\setuplog.txt
2008-12-02 09:58:26 ----D---- C:\WINDOWS\system32\config
2008-12-02 09:58:26 ----D---- C:\WINDOWS\nview
2008-12-02 09:53:17 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-02 09:53:13 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-02 09:52:36 ----RD---- C:\WINDOWS\Web
2008-12-02 09:52:36 ----RD---- C:\Program Files
2008-12-02 09:52:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-02 09:52:13 ----D---- C:\WINDOWS\system32\oobe
2008-12-02 09:51:17 ----D---- C:\WINDOWS\system32\Com
2008-12-02 09:50:48 ----D---- C:\WINDOWS\system32\wbem
2008-12-02 09:35:56 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-02 09:35:54 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 08:53:57 ----A---- C:\WINDOWS\imsins.BAK
2008-12-02 01:32:37 ----D---- C:\WINDOWS\system32\Setup
2008-12-02 01:32:37 ----D---- C:\WINDOWS\system
2008-12-02 01:32:35 ----D---- C:\WINDOWS\Help
2008-12-02 01:32:30 ----D---- C:\WINDOWS\system32\usmt
2008-12-02 01:32:24 ----D---- C:\WINDOWS\AppPatch
2008-12-02 01:32:17 ----D---- C:\WINDOWS\mui
2008-12-02 01:32:17 ----D---- C:\WINDOWS\ehome
2008-12-02 01:32:16 ----D---- C:\WINDOWS\ime
2008-12-02 01:32:15 ----D---- C:\WINDOWS\Media
2008-12-02 01:32:07 ----D---- C:\WINDOWS\PeerNet
2008-12-02 01:31:55 ----D---- C:\WINDOWS\system32\npp
2008-12-02 01:31:50 ----D---- C:\WINDOWS\msagent
2008-12-02 01:29:25 ----D---- C:\WINDOWS\twain_32
2008-12-02 01:28:40 ----D---- C:\WINDOWS\system32\icsxml
2008-12-02 01:28:01 ----D---- C:\WINDOWS\system32\ias
2008-12-02 01:27:57 ----D---- C:\WINDOWS\system32\1033
2008-12-02 01:27:03 ----D---- C:\WINDOWS\Driver Cache
2008-12-02 00:44:50 ----D---- C:\WINDOWS\WinSxS
2008-11-30 14:17:50 ----A---- C:\WINDOWS\iTouch.ini
2008-11-18 12:03:32 ----D---- D:\Program Files\YahELite
2008-11-18 12:03:32 ----A---- C:\WINDOWS\YAHELITE_IGNORE.INI
2008-11-18 12:03:32 ----A---- C:\WINDOWS\YAHELITE.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-09-25 141184]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2006-09-19 15664]
R1 pivot;pivot; C:\WINDOWS\system32\drivers\pivot.sys [2004-01-04 15401]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2006-12-23 80768]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-09-25 200832]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]
R2 AsProbe;AsProbe; \??\C:\WINDOWS\system32\drivers\AsProbe.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 ndasbus;NDAS Bus Driver; C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2006-03-20 59136]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-02-24 33408]
R3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:\WINDOWS\system32\drivers\nvmpu401.sys [2004-05-25 10240]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-02-24 12928]
R3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-15 43264]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys []
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys []
S1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-09-25 289792]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys []
S3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
S3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2006-11-21 203264]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-02-23 645360]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-06-23 371376]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-10-14 332800]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-10-08 6096]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-10-08 130288]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-09-25 23936]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-10-13 145488]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-11-27 6016]
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2006-11-18 29184]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-02-24 904784]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-10-21 148432]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\drivers\hidusb.sys [2004-08-04 9600]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-09-25 23808]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2006-03-20 115584]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-10-08 178672]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-04-07 16694]
S3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WmAdiHid;Logitech WingMan Digital Devices Driver; C:\WINDOWS\system32\drivers\WmAdiHid.sys [2003-05-14 20704]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 HP Status Server;HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [2004-06-10 73728]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; d:\Program Files\Common\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; d:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Lavasoft Ad-Aware Service; d:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-26 611664]
S4 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S4 ccEvtMgr;Symantec Event Manager; d:\Program Files\Common\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]
S4 ccPwdSvc;Symantec Password Validation; d:\Program Files\Common\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]
S4 ccSetMgr;Symantec Settings Manager; d:\Program Files\Common\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]
S4 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2007-09-07 503608]
S4 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-03 9150464]
S4 MSSQLServerADHelper;MSSQLServerADHelper; d:\Program Files\\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S4 ndassvc;NDAS Service; d:\Program Files\NDAS\System\ndassvc.exe [2006-03-20 304640]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 Norton Ghost;Norton Ghost; d:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]
S4 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service; d:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe [2007-05-01 157264]
S4 Symantec Core LC;Symantec Core LC; d:\Program Files\Common\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-07-02 822424]
S4 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Linus12
2008-12-15, 21:07
Contents of info.txt
===============================
info.txt logfile of random's system information tool 1.04 2008-12-15 11:03:13

======Uninstall list======

-->"d:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
-->d:\Program Files\Common\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{8EF5F498-7FB5-11D6-9963-00A0C92C4EC3}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
7-Zip 4.62-->"D:\Program Files\7-Zip\Uninstall.exe"
Active@ KillDisk FREE Suite-->"D:\Program Files\KillDisk\UNWISE.EXE" "D:\Program Files\KillDisk\INSTALL.LOG"
ActivePerl 5.8.8 Build 820-->MsiExec.exe /I{B7A1E737-0347-4B8A-B1A8-1D4624C3C45A}
ActivePerl 5.8.8 Build 822-->MsiExec.exe /I{D0E5A0E6-5947-4F21-B8AE-5129D153083B}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Asus Probe V2.64.03-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{1DD89FD0-39F5-4B1C-932D-D32B3CA9694D}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Free 8.0-->D:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Beyond Compare Version 2.5.2-->"D:\Program Files\Beyond Compare 2\Beyond Compare 2\unins000.exe"
BOINC-->MsiExec.exe /I{ADF69C76-13FF-49F0-A078-922725A8B1B6}
Buddy Spy 2.2.19-->"d:\Program Files\Buddy Spy\unins000.exe"
Canon Camera Window for ZoomBrowser EX-->d:\PROGRA~1\Common\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fD:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"D:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2-->d:\PROGRA~1\Common\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1-->d:\PROGRA~1\Common\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7-->d:\PROGRA~1\Common\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Click'N Design 3D V4.82-->D:\PROGRA~1\RECORD~2\CLICK'~1\UNWISE.EXE D:\PROGRA~1\RECORD~2\CLICK'~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\Setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Culpa Innata-->"f:\Program Files\Culpa Innata\unins000.exe"
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
Eudora-->C:\WINDOWS\IsUninst.exe -f"d:\program files\eudora\Uninst.isu" -c"d:\program files\eudora\EudUnInst.dll"
EZDetach (remove only)-->"d:\Program Files\TechHit.com\EZDetach\uninstall.exe"
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
Flickr Uploadr 3.0.5-->"d:\Program Files\Flickr Uploadr\uninstall.exe"
FLV Player 2.0, build 24-->d:\Program Files\FLV Player\uninst.exe
FolderSizes 3.6-->"d:\Program Files\FolderSizes\unins000.exe"
Forté Agent-->D:\PROGRA~1\Agent4\UNWISE.EXE D:\PROGRA~1\Agent4\INSTALL.LOG
Generic color icon driver-->C:\WINDOWS\temp\fixustor\remove.exe
Genesys USB Mass Storage Device-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe"
Google Talk (remove only)-->"d:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{DFB48451-4F78-33DC-BC42-8C403C74939F}
HanDBase Professional for Palm OS v4-->"d:\Program Files\HanDBase4\unins000.exe"
HanDBase® Professional for Palm OS v3.5-->"d:\Program Files\HanDBase3\unins000.exe"
Hard Disk Scrubber v2.1-->"d:\Program Files\HDSCRUB\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"D:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Color LaserJet 3800-->"d:\Program Files\Hewlett-Packard\Install Engines\HP Color LaserJet 3800\setup.exe" /x
HP Color LaserJet 3800-->msiexec /x{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Internet Download Accelerator version 5.6-->"d:\Program Files\IDA5.5\unins000.exe"
IrfanView (remove only)-->D:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Linksys EasyLink Advisor 1.5 (1032)-->rundll32 D:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->d:\Program Files\Common\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->d:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Gaming Software-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{93EC14D5-7AAA-4EAD-BB75-013817A96598}\Setup.Exe" -l0x9
Logitech Gaming Software-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Logitech iTouch Software-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 -->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech QuickCam Software-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"D:\Program Files\Common\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LView Pro Full Version-->D:\Program Files\LViewPro-285\LVUninst.exe
Marine Sharpshooter-->F:\PROGRA~1\SHARPS~1\UNWISE.EXE F:\PROGRA~1\SHARPS~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds-->MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.14)-->D:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox3\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NDAS Software 3.11.1327-->MsiExec.exe /I{A12A36D3-ACB7-11D9-8E75-000D614181EB}
NewzToolz v2.0.0-->"d:\Program Files\NewzToolz\unins000.exe"
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
Pinnacle device drivers-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3F866D37-22D0-435D-94F1-31A64D566D0E}\Setup.exe" -l0x9
Pivot Software-->d:\Program Files\WinPortrait\wpbegone.exe
Post Mortem-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\Post Mortem\Setup.exe" -l0x9
PowerDVD-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prime95-->"d:\Program Files\Prime95\Uninstall.exe" "d:\Program Files\Prime95\install.log"
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->d:\Program Files\Common\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sound Blaster Audigy 2 ZS-->RunDll32 d:\PROGRA~1\Common\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\Setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"d:\Program Files\Spybot - Search & Destroy\unins001.exe"
Stomp RecordNow MAX-->MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
Studio 9-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\setup.exe" -l0x9 UNINSTALL
StuffIt 11-->MsiExec.exe /X{8424EF22-44CF-4DD4-B702-FADA3998F4BA}
System Explorer 1.5-->"D:\Program Files\System Explorer\unins000.exe"
The Black Mirror 1.0-->"F:\Program Files\The Black Mirror\unins000.exe"
ThumbsPlus 7.0 SP1 Build 2234-->D:\PROGRA~1\Thumbs7\UNWISE32.EXE D:\Program Files\Thumbs7\INSTALL.LOG
ThumbsPlus version 7.0sp1-->D:\PROGRA~1\\Thumbs7\UNWISE.EXE D:\PROGRA~1\\Thumbs7\INSTALL.LOG
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Trillian-->d:\Program Files\Trillian\trillian.exe /uninstall
TrueCrypt-->"D:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u D:\Program Files\TrueCrypt\
TurboTax Deluxe Deduction Maximizer 2006-->D:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "D:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UHS Reader (Version 4.6)-->D:\PROGRA~1\\UHS\UNWISE.EXE D:\PROGRA~1\\UHS\INSTALL.LOG
UHS Reader (Version 6.10)-->D:\PROGRA~1\\UHS\UNWISE.EXE D:\PROGRA~1\\UHS\INSTALL.LOG
Undelete Plus 2.91-->"d:\Program Files\FDRLab\Undelete Plus\unins000.exe"
Undelete Plus 2.94-->"d:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Viewpoint Media Player-->d:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VoodooPC VNC-->MsiExec.exe /X{61E5953D-D730-4341-928F-2E5AEB030EF2}
WexTech AnswerWorks-->RunDll32 D:\PROGRA~1\Common\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger-->MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 11-->"d:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->d:\Program Files\WinRAR\uninstall.exe
WinZip Command Line Support Add-On 1.1 SR-1-->D:\Program Files\WinZip\winzip32 /auninstall wzcline
WinZip-->"d:\Program Files\WinZip\WINZIP32.EXE" /uninstall
YahELite 302-->d:\PROGRA~1\YahELite\Setup.exe /remove
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u D:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=070a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"CLASSPATH"=.;D:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

katana
2008-12-15, 23:46
Well, there doesn't look to be any infection present but let's have a couple of scans before we decide properly


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If required, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Linus12
2008-12-17, 06:26
Hi Katana,
Here's the Malwarebytes scan.... Next post will be the Kaspersky Online Scanner

=============================================
Malwarebytes' Anti-Malware 1.31
Database version: 1508
Windows 5.1.2600 Service Pack 2

12/16/2008 8:24:54 PM
mbam-log-2008-12-16 (20-24-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|J:\|L:\|Y:\|Z:\|)
Objects scanned: 263157
Time elapsed: 2 hour(s), 55 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Linus12
2008-12-17, 19:04
Scan results.

I humbly await your analysis.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 17, 2008 03:13:23
Records in database: 1467578
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
J:\
L:\
M:\
N:\
O:\
P:\
R:\
S:\
Y:\
Z:\

Scan statistics:
Files scanned: 217938
Threat name: 14
Infected objects: 18
Suspicious objects: 5
Duration of the scan: 06:26:19


File name / Threat name / Threats count
C:\WINDOWS\system32\omnithread_rt.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g 1
D:\Program Files\Voodoo\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
E:\crossloop\crossloopsetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
E:\crossloop\crossloopsetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
E:\data\backup\Cigar\iksw\iksw2k21.exe Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\data\backup\Cigar\iksw\iksw2k21.zip Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\data\backup\LexarMedia\d2\winknl32.sys Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\Downloads\IKS\iksw2k21.exe Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\Downloads\Viewers\IE\IECacheView.exe Infected: not-a-virus:PSWTool.Win32.NetPass.cx 1
E:\Downloads\Viewers\iecacheview.zip Infected: not-a-virus:PSWTool.Win32.NetPass.cx 1
E:\Downloads\Viewers\Moziila\MozillaCacheView.exe Infected: not-a-virus:PSWTool.Win32.NetPass.dk 1
E:\Downloads\Viewers\mozillacacheview.zip Infected: not-a-virus:PSWTool.Win32.NetPass.dk 1
E:\Downloads\Viewers\Office\PstPassword.exe Infected: not-a-virus:PSWTool.Win32.WinPassViewer.m 1
E:\Downloads\Viewers\pstpassword.zip Infected: not-a-virus:PSWTool.Win32.WinPassViewer.m 1
E:\Outlook\Eudora\Eudora01.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\Temp\Dave.pst Infected: not-a-virus:Monitor.Win32.IKSlog.21 2
E:\Temp\Dave.pst Suspicious: Password-protected-EXE 1
F:\Syquest\005\dave\home06\ramidlnt.zip Infected: not-a-virus:AdWare.Win32.OnFlow 1
G:\Agent\nData3_CC\00001F1F.DAT Suspicious: Exploit.Win32.MS05-036 1
G:\Agent\odata\yM\JustBecause_00.pst Infected: Email-Worm.Win32.Nyxem.e 1
G:\Agent\odata\yM\MAMOP_07.pst Suspicious: Email-Worm.Win32.Bagle.mail 1

The selected area was scanned.

katana
2008-12-17, 21:13
Do you know anything about these remote access programs ?

C:\WINDOWS\system32\omnithread_rt.dll
D:\Program Files\Voodoo\vncviewer.exe
E:\crossloop\crossloopsetup.exe


Or these password viewer tools

E:\Downloads\Viewers\IE\IECacheView.exe
E:\Downloads\Viewers\iecacheview.zip
E:\Downloads\Viewers\Moziila\MozillaCacheView.exe
E:\Downloads\Viewers\mozillacacheview.zip
E:\Downloads\Viewers\Office\PstPassword.exe
E:\Downloads\Viewers\pstpassword.zip

These appear to be KeyLoggers, but they are not active. Unless you know why they are there, I suggest you delete them

E:\data\backup\Cigar\iksw\iksw2k21.exe
E:\data\backup\Cigar\iksw\iksw2k21.zip
E:\data\backup\LexarMedia\d2\winknl32.sys
E:\Downloads\IKS\iksw2k21.exe

I don't know if these are backups or if you have programs installed on different drives.
They look to be e-mail archives and one is in a temp folder ??

E:\Outlook\Eudora\Eudora01.pst << Infected E-Mail Archive
E:\Temp\Dave.pst << Infected E-Mail Archive


I have no idea what these folders are at all, again a couple look to be e-mail archives

F:\Syquest\005\dave\home06\ramidlnt.zip
G:\Agent\nData3_CC\00001F1F.DAT
G:\Agent\odata\yM\JustBecause_00.pst << Infected E-Mail Archive
G:\Agent\odata\yM\MAMOP_07.pst << Infected E-Mail Archive
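
The sorting katana does above (remote access tools, password viewers, keyloggers, infected mail archives) can be scripted for a report of this size. The following is an added example and is not code from this thread or from Kaspersky: it parses report lines in the `<path> Infected: <threat> <count>` / `<path> Suspicious: <threat> <count>` form shown above, reads the family word after Kaspersky's `not-a-virus:` prefix, and groups each distinct path into a triage bucket. The bucket names, the location notes and the handling of unknown families are this example's own choices; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One detection line in a Kaspersky Online Scanner 7 report:
#   <path> Infected: <threat name> <count>
#   <path> Suspicious: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Kaspersky's "not-a-virus:" prefix marks riskware: legitimate software an attacker
# could abuse. The family word after the colon says which kind, and that decides
# whether a hit is expected (your own VNC viewer) or a sign of compromise.
# Bucket names below are this example's own, not Kaspersky terminology.
RISKWARE_FAMILIES = {
    "RemoteAdmin": "remote access tool",
    "Monitor": "keylogger / activity monitor",
    "PSWTool": "password recovery tool",
    "AdWare": "adware",
}

MAIL_ARCHIVES = {".pst", ".dbx", ".mbx", ".eml"}
CONTAINERS = {".zip", ".rar", ".cab"}


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str
    threat: str
    count: int
    category: str
    note: str


def categorize(verdict: str, threat: str) -> str:
    """Map a verdict/threat pair to a triage bucket."""
    if verdict == "Suspicious":
        return "heuristic (needs review)"  # heuristic hit, not a signature match
    if threat.startswith("not-a-virus:"):
        family = threat.split(":", 1)[1].split(".", 1)[0]
        return RISKWARE_FAMILIES.get(family, f"riskware ({family})")
    return "malware"


def location_note(path: str) -> str:
    """Say where the hit actually lives, since that changes the cleanup step."""
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    if ext in MAIL_ARCHIVES:
        return "mail archive: delete the offending message, not the whole file"
    if ext in CONTAINERS:
        return "archive container: the flagged file is inside it"
    if "temp" in (part.lower() for part in p.parts):
        return "temp folder: safe to delete outright"
    return ""


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per report line; header and footer lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        verdict, threat = m["verdict"], m["threat"]
        found.append(Detection(
            path=m["path"], verdict=verdict, threat=threat, count=int(m["count"]),
            category=categorize(verdict, threat), note=location_note(m["path"]),
        ))
    return found


def triage(detections: list[Detection]) -> dict[str, list[str]]:
    """Group distinct paths by bucket, the way the helper's questions above do."""
    groups: dict[str, set[str]] = defaultdict(set)
    for d in detections:
        groups[d.category].add(d.path)
    return {cat: sorted(paths) for cat, paths in groups.items()}


# Lines copied from the report above; the header line is there to show it is skipped.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\WINDOWS\system32\omnithread_rt.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g 1
D:\Program Files\Voodoo\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
E:\data\backup\LexarMedia\d2\winknl32.sys Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\Downloads\IKS\iksw2k21.exe Infected: not-a-virus:Monitor.Win32.IKSlog.21 1
E:\Downloads\Viewers\Office\PstPassword.exe Infected: not-a-virus:PSWTool.Win32.WinPassViewer.m 1
E:\Outlook\Eudora\Eudora01.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\Temp\Dave.pst Infected: not-a-virus:Monitor.Win32.IKSlog.21 2
F:\Syquest\005\dave\home06\ramidlnt.zip Infected: not-a-virus:AdWare.Win32.OnFlow 1
G:\Agent\nData3_CC\00001F1F.DAT Suspicious: Exploit.Win32.MS05-036 1
G:\Agent\odata\yM\JustBecause_00.pst Infected: Email-Worm.Win32.Nyxem.e 1
"""

if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for cat, paths in triage(dets).items():
        print(f"{cat}:")
        for p in paths:
            print(f"  {p}")
    for d in dets:
        if d.note:
            print(f"{d.path}: {d.note}")
```

The grouping only tells you what kind of tool was found, not whether it belongs there. A `RemoteAdmin` or `Monitor` hit is benign only if the machine's owner can say why it is present, as Linus12 does in the next post; a keylogger or VNC server nobody recognises should be treated as a compromise, not riskware.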

Linus12
2008-12-18, 21:14
He he he... thought some of those looked familiar....


Do you know anything about these remote access programs ?

C:\WINDOWS\system32\omnithread_rt.dll
D:\Program Files\Voodoo\vncviewer.exe
E:\crossloop\crossloopsetup.exe



VNCViewer/omnithread and crossloop were to be used to help my parents with their PCs. Never installed crossloop and only installed the server side of VNC. Will uninstall VNC now.

So it looks like I'm relatively clean at this point? (except for the noted exceptions above...)





Or these password viewer tools
E:\Downloads\Viewers\IE\IECacheView.exe
E:\Downloads\Viewers\iecacheview.zip
E:\Downloads\Viewers\Moziila\MozillaCacheView.exe
E:\Downloads\Viewers\mozillacacheview.zip
E:\Downloads\Viewers\Office\PstPassword.exe
E:\Downloads\Viewers\pstpassword.zip

Not all of these are password viewer tools, but they are used to keep track of my kids' viewing habits. They are known and should be there. (They are usually installed on a thumbdrive for me to use when I visit their particular machines.)



These appear to be KeyLoggers, but they are not active. Unless you know why they are there, I suggest you delete them

E:\data\backup\Cigar\iksw\iksw2k21.exe
E:\data\backup\Cigar\iksw\iksw2k21.zip
E:\data\backup\LexarMedia\d2\winknl32.sys
E:\Downloads\IKS\iksw2k21.exe

Yep, these are modified keyloggers for use on my kids' PC. They have signatures that don't match the original ones, hence they are "stealthier".



I don't know if these are backups or if you have programs installed on different drives.
They look to be e-mail archives and one is in a temp folder ??

E:\Outlook\Eudora\Eudora01.pst << Infected E-Mail Archive
E:\Temp\Dave.pst << Infected E-Mail Archive


Yep... been looking through e-mail archives and loaded them from a CD back to the PC (Outlook won't open them if they are on "read-only" media). I have scanned these before, and I believe they are either A) False positives, B) Source emails with the keyloggers and viewers listed above, or C) Test virus messages that are used to see if the "heuristic scanners" are working correctly.



I have no idea what these folders are at all, again a couple look to be e-mail archives

F:\Syquest\005\dave\home06\ramidlnt.zip
G:\Agent\nData3_CC\00001F1F.DAT
G:\Agent\odata\yM\JustBecause_00.pst << Infected E-Mail Archive
G:\Agent\odata\yM\MAMOP_07.pst << Infected E-Mail Archive


First one is an old disc that I am currently archiving. It's a RAM optimizer for an old NT system that is just about to be retired.
DAT file is a data file from a newsgroup reader (probably does have a virus in there, and yes... I'm cleaning that one out, it's just taking longer than usual)

The two PST files are mail input files and may have infected attachments. I'm searching for them now (most .exe and .inf files are dumped before they are downloaded, but sometimes they slip through) Again, will try to figure out which ones have them and delete the specific messages.

katana
2008-12-18, 22:08
Since you know what they all are, let's have one last scan to make sure that nothing is hiding.


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Linus12
2008-12-23, 04:36
Hi Katana,

:oops:Been busy with family and all... Will try to run and post results later tonight or tomorrow morning.

Dave

Linus12
2008-12-25, 01:29
Combo Fix Log: (Finally) :santa: :present: :buried:

ComboFix 08-12-24.01 - VoodooDaddy 2008-12-24 15:19:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1366 [GMT -8:00]
Running from: c:\documents and settings\VoodooDaddy.VOODOOJR\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\program files\INSTALL.LOG

.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-22 22:04 . 2008-12-22 22:04 <DIR> d-------- c:\documents and settings\VoodooDaddy.VOODOOJR\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-22 22:03 . 2008-12-22 22:03 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-22 22:01 . 2008-12-23 16:05 <DIR> d-------- d:\program files\NOS
2008-12-22 22:01 . 2008-12-23 16:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-19 12:34 . 2008-12-19 12:34 <DIR> d-------- d:\program files\Stomp
2008-12-16 14:04 . 2008-12-16 14:04 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-16 14:04 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 14:04 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 11:02 . 2008-12-15 11:03 <DIR> d-------- d:\program files\trend micro
2008-12-15 11:02 . 2008-12-15 11:03 <DIR> d-------- C:\rsit
2008-12-06 17:36 . 2008-12-06 17:36 <DIR> d-------- d:\program files\Windows Installer Clean Up
2008-12-06 17:22 . 2008-12-06 17:22 <DIR> d-------- d:\program files\CCleaner
2008-12-04 17:16 . 2008-12-04 17:16 <DIR> d-------- d:\program files\7-Zip
2008-12-03 12:11 . 2008-12-03 12:11 99,286,314 --a------ C:\Regfile_middle_of_Roxio_purge.reg
2008-12-02 13:47 . 2008-12-02 13:48 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-02 12:24 . 2008-12-23 16:04 912 --a------ c:\windows\system32\miniPortInfo.dat
2008-12-02 11:42 . 2008-12-22 22:07 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-02 09:54 . 2004-08-04 04:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-02 09:53 . 2004-08-04 04:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-12-02 09:52 . 2004-08-04 04:00 848,384 --a--c--- c:\windows\system32\dllcache\vgx.dll
2008-12-02 09:51 . 2004-08-04 04:00 4,256,768 --a--c--- c:\windows\system32\dllcache\wmm2res.dll
2008-12-02 09:50 . 2004-08-04 04:00 2,178,131 --a--c--- c:\windows\system32\dllcache\shvlres.dll
2008-12-02 09:36 . 2004-08-04 04:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-12-02 09:36 . 2004-08-04 04:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-12-02 09:36 . 2004-08-04 04:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-12-02 09:36 . 2004-08-04 04:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-12-02 09:35 . 2004-08-04 04:00 1,086,058 -ra------ c:\windows\SET64.tmp
2008-12-02 09:35 . 2004-08-04 04:00 1,042,903 -ra------ c:\windows\SET61.tmp
2008-12-02 09:35 . 2004-08-04 04:00 13,753 -ra------ c:\windows\SET70.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 23:07 --------- d-----w d:\program files\Mozilla Firefox3
2008-12-19 20:33 --------- d-----w d:\program files\RecordNow MAX
2008-12-09 07:49 --------- d-----w d:\program files\FolderSizes
2008-12-07 01:35 --------- d-----w d:\program files\MSECache
2008-12-06 05:17 --------- d-----w d:\program files\Spybot - Search & Destroy
2008-12-06 05:03 --------- d-----w d:\program files\System Explorer
2008-12-04 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-03 20:12 --------- d-----w d:\program files\Common
2008-12-02 21:49 --------- d-----w d:\program files\Panda Security
2008-12-02 21:48 --------- d--h--w d:\program files\InstallShield Installation Information
2008-12-02 21:48 --------- d-----w d:\program files\PowerQuest
2008-12-02 18:09 58,920 ----a-w c:\windows\system32\wpfb_nv4_disp.dll
2008-11-18 20:03 --------- d-----w d:\program files\YahELite
2008-11-14 21:43 --------- d-----w d:\program files\KillDisk
2008-11-14 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 05:34 --------- d-----w d:\program files\Thumbs7
2008-11-04 20:40 --------- d-----w d:\program files\Recuva
2008-10-28 04:48 --------- d-----w c:\documents and settings\VoodooDaddy.VOODOOJR\Application Data\Malwarebytes
2008-10-28 04:48 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-26 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-26 21:41 --------- d-----w d:\program files\Lavasoft
2008-10-22 20:29 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2008-10-22 20:19 106,496 ----a-w c:\windows\system32\ATL71.DLL
2005-09-16 01:26 44,153 ----a-w d:\program files\mozilla firefox\components\inspector.dll
2008-04-17 19:35 67,696 ----a-w d:\program files\mozilla firefox\components\jar50.dll
2008-04-17 19:35 54,376 ----a-w d:\program files\mozilla firefox\components\jsd3250.dll
2008-04-17 19:35 34,952 ----a-w d:\program files\mozilla firefox\components\myspell.dll
2008-04-17 19:35 46,720 ----a-w d:\program files\mozilla firefox\components\spellchk.dll
2008-04-17 19:35 172,144 ----a-w d:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorer"="d:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2003-11-27 53248]
"PivotSoftware"="d:\program files\WinPortrait\wpctrl.exe" [2004-01-04 692120]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-09 158208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ASUS Probe"="d:\program files\ASUS\ProbeV2.64.03\AsusProb.exe" [2002-12-06 617984]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="d:\program files\Common\Real\Update_OB\realsched.exe" [2008-04-17 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

c:\documents and settings\VoodooDaddy.VOODOOJR\Start Menu\Programs\Startup\
01 taskmgr.lnk - c:\windows\system32\taskmgr.exe [2004-08-04 135680]
02 NetPerSec.lnk - d:\program files\NetPerSec\NetPerSec.exe [2005-05-20 192512]
NetPerSec.lnk - d:\program files\NetPerSec\NetPerSec.exe [2005-05-20 192512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SATARAID5.lnk - d:\program files\Silicon Image\3114 SATARAID5\sam.jar [2008-04-25 1510673]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\program files\Eudora\EuShlExt.dll" [2003-03-31 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-13 14:30 58992 d:\program files\Common\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 00:00 45056 d:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-04-02 20:07 389120 d:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-12 14:18 133104 c:\documents and settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 13:22 3739648 d:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 15:55 267064 d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 d:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 d:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 d:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 18:09 1537648 d:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 11:34 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 08:47 135168 d:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 d:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a------ 2002-12-03 17:06 45056 d:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 d:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-17 15:49 185896 d:\program files\Common\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 d:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 08:33 892928 c:\program files\Logitech\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-06 12:57 24576 c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--a------ 2003-12-17 07:50 19968 c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 02:20 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"usnsvc"=3 (0x3)
"UPS"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Stuffit Archive Name Service"=2 (0x2)
"stisvc"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"Norton Ghost"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Alerter"=2 (0x2)
"aawservice"=2 (0x2)
"ndassvc"=2 (0x2)
"GEARSecurity"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\msncall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\VoodooDaddy.VOODOOJR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\VoodooDaddy.VOODOOJR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 lfsfilt;Lean File Sharing;c:\windows\system32\DRIVERS\lfsfilt.sys [2007-04-12 140160]
R0 lpx;LPX Protocol;c:\windows\system32\DRIVERS\lpx.sys [2006-03-20 44288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-24 97928]
R2 AsProbe;AsProbe;\??\c:\windows\system32\drivers\AsProbe.sys [2006-09-04 4644]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 231704]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\DRIVERS\ndasbus.sys [2006-03-20 59136]
S3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2005-05-09 203264]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-05-09 6016]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2005-05-09 14095]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\DRIVERS\ndasscsi.sys [2006-03-20 115584]
S3 WmAdiHid;Logitech WingMan Digital Devices Driver;c:\windows\system32\drivers\WmAdiHid.sys [2006-07-02 20704]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;"d:\program files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 157264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\VoodooDaddy.VOODOOJR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 14:18]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeUpdater - d:\program files\Common\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - d:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-updateMgr - d:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.logitech.com/cf/support/itouchfiles.cfm?L=1033&V=K.2.22.0&D=K.50443_31&P=1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA - d:\program files\IDA5.5\idaieall.htm
IE: Download with IDA - d:\program files\IDA5.5\idaie.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\VoodooDaddy.VOODOOJR\Application Data\Mozilla\Firefox\Profiles\28anxylo.Other\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\VoodooDaddy.VOODOOJR\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Windows Media Player\npdrmv2.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay.dll
FF - plugin: c:\program files\Windows Media Player\npwmsdrm.dll
FF - plugin: d:\program files\Real\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Real\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Real\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 15:21:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?Hardware\Misc\F5CardReader\WinXP\fixustor.sys???????????????????????????w?4??????????tq??l??????|p??|????m??|C??w?????????4 ?B$?|???w???w*?,??4 ????????????????????????????????w????????????tq??????T???????????tq??????l??????
PivotSoftware = "d:\program files\WinPortrait\wpctrl.exe"??????????????w????R7???????o????????o?\ ?|???????|?????????a?????? ???~????o?j???????????????( ??????Service Pack 2?????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1176)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-24 15:21:54
ComboFix-quarantined-files.txt 2008-12-24 23:21:26

Pre-Run: 146,347,454,464 bytes free
Post-Run: 146,329,206,784 bytes free


katana
2008-12-25, 10:25
Hi Linus :)

Well, there is good news and bad news.
The good news is that your machine is completely clean of infection.
The bad news is that this means I have no idea what is causing your problems.

It sounds like a software corruption problem, something is trying to work in the background and failing miserably.
Since you say that you have had problems with a card reader, then it could be related to
C:\WINDOWS\system32\umonit.exe
I would disable this with Winpatrol (see below) before doing anything else and see if it helps

Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware by me.

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First, let's tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png



-----------------------------------------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
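
The Internet Explorer hardening steps in the post above can be verified without clicking through the dialogs. The following read-only audit script is an added example, not part of the original thread or of any tool it names; it assumes the per-user Internet zone key at HKCU\...\Internet Settings\Zones\3 and the Microsoft-documented URL action IDs (1001, 1004, 1201, 1800, 1804, 1607) with the encoding 0 = Enable, 1 = Prompt, 3 = Disable, which you should confirm against your IE version.

```powershell
# Added audit example (not from the original thread). It only reads the
# registry and reports which Internet-zone settings differ from the values
# recommended in the post; it changes nothing.
# Assumption: zone 3 is the Internet zone and the action IDs below follow
# Microsoft's documented URL action mapping.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> setting name and recommended value (0 = Enable, 1 = Prompt, 3 = Disable)
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                           Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                         Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                              Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                  Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';               Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActionReport {
    param([string]$Path = $zonePath)
    # Each action is stored as a DWORD value named by its decimal action ID.
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in ($recommended.Keys | Sort-Object)) {
        $current = $key.$id
        if ($null -eq $current) {
            $currentText = 'not set (IE default applies)'
        } elseif ($label.ContainsKey([int]$current)) {
            $currentText = $label[[int]$current]
        } else {
            $currentText = "unknown ($current)"
        }
        New-Object PSObject -Property @{
            Action      = $recommended[$id].Name
            Current     = $currentText
            Recommended = $label[$recommended[$id].Want]
            OK          = ($null -ne $current -and [int]$current -eq $recommended[$id].Want)
        }
    }
}

# Rows with OK = False are the settings still to change through the dialog.
Get-ZoneActionReport | Select-Object Action, Current, Recommended, OK | Format-Table -AutoSize
```

A domain policy can override these per-user values from HKLM, so a setting that reads correctly here may still be enforced differently on a managed machine.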

Linus12
2008-12-26, 08:29
Hey Kantana,

Thanks for all your help. As I mentioned up front, I was able to fix the CPU problem by running a copy of the "kill" program that I had archived on my disk (a good reason to be a pack-rat sometimes!).

Thanks for letting me know that I'm clean at this point. Guess all that clean surfing (roflmao) I'm doing is really paying off.

Thanks again,

Dave