Welcome to TnT - Tips 'n' Tricks Forum -
The free and friendly computer support forum.		 Please feel free to browse the site as our guest or register to become a member. Membership is 100% free, and as a member you will be able to ask questions, reply to other members' questions or play the many games in the arcade etc. Please read the rules before posting. To register just click HERE. Enjoy!

Eratic CPU behaviour and random HDD activity  Topic is solved

Completed fixes - no posting allowed.
Topic locked

Eratic CPU behaviour and random HDD activity

Post Number : #1  Postby Jack.Sparrow » 31 Jul 2010 05:50

:wave:

My laptop has been displaying some odd behaviour lately. Avast found nothing, Malwarebyes found 1 file (false positive I think, still deleted it). Panda online had 24 but I accidentally closed the windows and it's not letting me run it again.

When I open GMER - I get a message saying: " D:Windows\system32\config\system: The system cannot find the file specified" and most of the check boxes aren't available so I didn't run it.

Running 7 Ultimate x64.

Log
---------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSX64
Run by Krishant Sharma at 13:37:10.81 on Sat 31/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.4095.2552 [GMT 10:00]


============== Running Processes ===============

D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
D:\Windows\SysWOW64\svchost.exe -k Cognizance
D:\Windows\system32\nvvsvc.exe
D:\Windows\system32\svchost.exe -k RPCSS
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\WUDFHost.exe
D:\Windows\system32\nvvsvc.exe
D:\Windows\system32\WUDFHost.exe
D:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
D:\Program Files\ATKGFNEX\GFNEXSrv.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files (x86)\Bonjour\mDNSResponder.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\taskeng.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
D:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
D:\Program Files\Synaptics\SynTP\SynAsus.exe
D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files (x86)\ATK Hotkey\Hcontrol.exe
D:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
D:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe
D:\Program Files\Wireless Console 2\wcourier.exe
D:\Program Files (x86)\ASUS\Splendid\ACMON.exe
D:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
D:\Program Files\P4G\BatteryLife.exe
D:\Windows\SysWOW64\ACEngSvr.exe
D:\Program Files (x86)\ATK Hotkey\Atouch64.exe
D:\Program Files (x86)\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
D:\Program Files (x86)\ATK Hotkey\KBFiltr.exe
D:\Program Files (x86)\ATK Hotkey\WDC.exe
D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\Windows Media Player\WMPSideShowGadget.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Windows\system32\taskhost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files (x86)\Java\jre6\bin\jusched.exe
D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
D:\Program Files (x86)\CyberLink\Shared files\brs.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
D:\Windows\system32\conhost.exe
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\taskmgr.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Users\Krishant Sharma\Desktop\dds.scr
D:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = d:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - d:\program files (x86)\asus security center\asus security protect manager\bin\ItIEAddIn.dll
uRun: [Google Update] "d:\users\krishant sharma\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NB Probe] c:\program files\asus\nb probe\NBProbe.exe
uRun: [bluCTRL Receiver] d:\program files (x86)\bluctrl\bluctrl receiver\bluCTRLReceiver.exe
uRun: [msnmsgr] "d:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [AnyDVD] d:\program files (x86)\slysoft\anydvd\AnyDVDtray.exe
mRun: [CognizanceTS] rundll32.exe d:\progra~2\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [ATKOSD2] "d:\program files\atkosd2\ATKOSD2.exe"
mRun: [ATKMEDIA] d:\program files (x86)\asus\atk media\DMEDIA.EXE
mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeCS4ServiceManager] "d:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "d:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "d:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "d:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [UnlockerAssistant] "d:\program files (x86)\unlocker\UnlockerAssistant.exe"
mRun: [RemoteControl10] "d:\program files (x86)\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] d:\program files (x86)\cyberlink\shared files\brs.exe
mRun: [iTunesHelper] "d:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: d:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~2\micros~1\office12\REFIEBAR.DLL
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan ... stubie.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
AppInit_DLLs: APSHook.dll d:\windows\syswow64\guard32.dll
LSA: Notification Packages = scecli ASCredProv64
BHO-X64: ASUS Security Protect Manager: {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - d:\program files (x86)\asus security center\asus security protect manager\bin\ItIEAddIn64.dll
BHO-X64: ASUS Security Protect Manager - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [Launch LgDeviceAgent] "d:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "d:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "d:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [RtHDVCpl] d:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [COMODO Internet Security] "d:\program files\comodo\comodo internet security\cfp.exe" -h
AppInit_DLLs-X64: APSHook64.dll d:\windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - d:\users\krisha~1\appdata\roaming\mozilla\firefox\profiles\py4je6dh.default\

---- FIREFOX POLICIES ----
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;d:\windows\system32\drivers\lullaby.sys [2010-3-2 16440]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot64.sys [2010-7-30 33800]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-3-2 121936]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdGuard.sys [2010-4-9 236112]
R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2010-4-9 33208]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/17 12:52:41];d:\program files (x86)\cyberlink\powerdvd10\navfilter\000.fcl [2010-4-2 146928]
R2 ASBroker;Logon Session Broker;d:\windows\system32\svchost.exe -k Cognizance [2009-7-14 27136]
R2 ASChannel;Local Communication Channel;d:\windows\system32\svchost.exe -k Cognizance [2009-7-14 27136]
R2 ASMMAP64;ASMMAP64;d:\program files\atkgfnex\ASMMAP64.sys [2010-3-2 14904]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-3-2 20048]
R2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [2010-3-2 61008]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-7-8 40384]
R2 CLPSLS;COMODO livePCsupport Service;d:\program files (x86)\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 regi;regi;d:\windows\system32\drivers\regi.sys [2007-4-16 14112]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-7-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-7-8 40384]
R3 btwl2cap;Bluetooth L2CAP Service;d:\windows\system32\drivers\btwl2cap.sys [2010-3-2 36392]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;d:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;d:\windows\system32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;d:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 netw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;d:\windows\system32\drivers\NETw5v64.sys [2010-3-2 4736512]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;d:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-3-21 1038088]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\drivers\Rt64win7.sys [2009-6-11 187392]
S3 USBAAPL64;Apple Mobile USB Driver;d:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\wat\WatAdminSvc.exe [2010-4-21 1255736]

=============== Created Last 30 ================

2010-07-30 06:26:01 0 d-----w- d:\users\krisha~1\appdata\roaming\Malwarebytes
2010-07-30 06:25:50 24664 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-07-30 06:25:50 0 d-----w- d:\programdata\Malwarebytes
2010-07-30 06:25:50 0 d-----w- d:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-30 03:53:34 0 d-----w- d:\program files (x86)\Seagate
2010-07-30 03:20:19 0 d-----w- d:\program files (x86)\DOSBox-0.74
2010-07-29 23:37:10 33800 ----a-w- d:\windows\system32\drivers\pavboot64.sys
2010-07-29 23:37:03 0 d-----w- d:\program files (x86)\Panda Security
2010-07-15 01:14:55 144384 ----a-w- d:\windows\system32\cdd.dll
2010-07-08 02:03:08 38848 ----a-w- d:\windows\avastSS.scr

==================== Find3M ====================

2010-07-09 04:18:34 236112 ----a-w- d:\windows\system32\drivers\cmdGuard.sys
2010-06-28 20:57:12 165032 ----a-w- d:\windows\syswow64\aswBoot.exe
2010-06-28 20:33:00 61008 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2010-06-12 11:36:35 45056 ----a-w- d:\windows\system32\acovcnt.exe
2010-06-04 05:35:15 354032 ----a-w- d:\windows\system32\guard64.dll
2010-06-04 05:35:12 278288 ----a-w- d:\windows\syswow64\guard32.dll
2010-06-04 05:35:09 33208 ----a-w- d:\windows\system32\drivers\cmdhlp.sys
2010-06-04 05:35:08 19840 ----a-w- d:\windows\system32\drivers\cmderd.sys
2010-05-27 07:24:13 34304 ----a-w- d:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- d:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- d:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- d:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- d:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- d:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- d:\windows\syswow64\jsproxy.dll
2010-05-21 04:14:28 270208 ------w- d:\windows\system32\MpSigStub.exe
2010-05-18 06:55:18 95520 ----a-w- d:\windows\system32\dnssd.dll
2010-05-18 06:55:18 119584 ----a-w- d:\windows\system32\dns-sd.exe
2010-05-18 06:35:16 91424 ----a-w- d:\windows\syswow64\dnssd.dll
2010-05-18 06:35:16 107808 ----a-w- d:\windows\syswow64\dns-sd.exe
2010-05-17 02:55:20 505128 ----a-w- d:\windows\syswow64\msvcp71.dll
2010-05-17 02:55:20 353576 ----a-w- d:\windows\syswow64\msvcr71.dll
2010-05-17 02:55:20 29480 ----a-w- d:\windows\syswow64\msxml3a.dll
2010-05-09 09:46:00 961024 ----a-w- d:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- d:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- d:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- d:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- d:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- d:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- d:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- d:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- d:\windows\syswow64\ieframe.dll
2009-07-14 05:37:38 31548 ----a-w- d:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- d:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- d:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- d:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- d:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- d:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- d:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- d:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- d:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- d:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- d:\windows\fonts\StaticCache.dat
2010-03-13 01:03:20 245760 --sha-w- d:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-13 01:39:31 245760 --sha-w- d:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- d:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:38:07.49 ===============
You need to be a registered member to view the files attached to this post.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #2  Postby Deejay100six » 31 Jul 2010 06:10

Hi Kris,

Obviously I can't even pretend to be an expert yet but be prepared. One thing I have picked up on is that many of the tools used by the security analysts are not compatible with 64 bit systems. That may change in the future but for now I don't think they will be able to do much to help. Anyway, I'll let the experts explain it to you better. Good luck though. :)
User avatar


TMEC Trainee
 
Posts: 1973
Joined: 12 September 2008
Location: Doncaster, England.
OS: Windows XP Professional

Re: Eratic CPU behaviour and random HDD activity

Post Number : #3  Postby Jack.Sparrow » 31 Jul 2010 09:24

Hi Dave,

Yeah, I read that in one of the stickies, it also mentioned that 64 bit systems are harder to infect. Just submitted it to get a basic look over, see if there are any signs of infection.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity  Topic is solved

Post Number : #4  Postby Clark76 » 31 Jul 2010 14:18

Hello Kris,

It is correct that we are limited with the tools we are able to run on a 64 bit system. While DDS does run, it is not able to look everywhere on a 64 bit system.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

I would also like to see the report from when you ran MBAM
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Re: Eratic CPU behaviour and random HDD activity

Post Number : #5  Postby Jack.Sparrow » 01 Aug 2010 00:14

Hi Ben,

Here are the logs:

##log.txt##


Logfile of random's system information tool 1.08 (written by random/random)
Run by Krishant Sharma at 2010-08-01 08:09:23
Microsoft Windows 7 Ultimate
System drive D: has 165 GB (72%) free of 228 GB
Total RAM: 4095 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:43 AM, on 1/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
D:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
D:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
D:\Program Files\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files (x86)\Java\jre6\bin\jusched.exe
D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
D:\Program Files (x86)\CyberLink\Shared files\brs.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\trend micro\Krishant Sharma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - D:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe D:\PROGRA~2\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKOSD2] "D:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RemoteControl10] "D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] D:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Users\Krishant Sharma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKCU\..\Run: [bluCTRL Receiver] D:\Program Files (x86)\bluCTRL\bluCTRL Receiver\bluCTRLReceiver.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.intervideo.com
O15 - Trusted Zone: http://*.intervideo.com
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O20 - AppInit_DLLs: APSHook.dll D:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - D:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - D:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - D:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10884 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
D:\Windows\system32\services.exe
D:\Windows\system32\lsass.exe
D:\Windows\system32\lsm.exe
winlogon.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
"D:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe"
D:\Windows\SysWOW64\svchost.exe -k Cognizance
D:\Windows\system32\nvvsvc.exe
D:\Windows\system32\svchost.exe -k RPCSS
"D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
"D:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fefb74ec-34bc-42e3-bff0-0af7c80553b9 -SystemEventPortName:HostProcess-e3845e67-7266-4773-963f-b4b9738585a7 -IoCancelEventPortName:HostProcess-c29827ec-670d-4f56-82c0-eb21f33cfe6a -NonStateChangingEventPortName:HostProcess-0fa38eac-75f7-444c-8e57-2f88270a63fb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5de87969-482b-4f96-9b24-f70eae7c324a
D:\Windows\system32\nvvsvc.exe -session -first
"D:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-eadb4549-a418-459f-a5a8-eecdb0bf6a35 -SystemEventPortName:HostProcess-18e6ac67-afa6-4e1d-9419-0787fec6a7fb -IoCancelEventPortName:HostProcess-82cf192f-8873-4d6c-b070-9dfed5c4fc71 -NonStateChangingEventPortName:HostProcess-36569b4e-1ac1-44da-9055-71adc286c879 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:edb16744-3851-45f7-b79f-919f3b118378
"D:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe"
"D:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"D:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"D:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {6D41B97D-474E-48E9-8248-14390CE33BAF}
"taskhost.exe"
"D:\Windows\system32\Dwm.exe"
D:\Windows\Explorer.EXE
"D:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"D:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"D:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"D:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"D:\Program Files\Synaptics\SynTP\SynAsus" /RegPlugIn
"D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"D:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
"D:\Program Files (x86)\ATK Hotkey\Hcontrol.exe"
"D:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe"
"D:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe"
"D:\Program Files\Wireless Console 2\wcourier.exe"
"D:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"D:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"D:\Program Files\P4G\\BatteryLife.exe"
"D:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
Atouch64.exe
ATKOSD.exe
"C:\Program Files\ASUS\NB Probe\NBProbe.exe"
KBFiltr.exe
WDC.exe
"D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
D:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Program Files\Windows Media Player\WMPSideShowGadget.exe"
"D:\Program Files\Windows Media Player\wmpnetwk.exe"
"D:\Program Files (x86)\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch
"D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe"
"D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"D:\Program Files\ATKOSD2\ATKOSD2.exe"
"D:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"D:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"taskhost.exe"
"D:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"D:\Program Files (x86)\Java\jre6\bin\jusched.exe"
"D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"D:\Program Files (x86)\CyberLink\Shared files\brs.exe"
"D:\Program Files (x86)\iTunes\iTunesHelper.exe"
"D:\Program Files\iPod\bin\iPodService.exe"
"D:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
ADvdDiscHlp64.exe /i
\??\D:\Windows\system32\conhost.exe
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\system32\wbem\wmiprvse.exe
"D:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
D:\Windows\servicing\TrustedInstaller.exe
D:\Windows\system32\vssvc.exe
"D:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "D:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
D:\Windows\System32\svchost.exe -k swprv
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe"
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-GB --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.02FBF600.687594368 --ignored=" --type=renderer "
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-GB --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.02FBFA80.1089578057 --ignored=" --type=renderer "
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-GB --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.02FBF900.1007906861 --ignored=" --type=renderer "
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-GB --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.02FBF780.719967874 --ignored=" --type=renderer "
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=extension --lang=en-GB --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.02FCC900.1943145359 --ignored=" --type=renderer "
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.0.36021\lib/cooliris.dll" --lang=en-GB --plugin-data-dir="D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\User Data\Default" --channel=5664.042B8380.1107099269
"D:\Users\Krishant Sharma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-GB --force-fieldtest=CacheSize/CacheSizeGroup_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/ --channel=5664.07061780.1629567008
"D:\Windows\system32\wuauclt.exe"
"D:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"D:\Users\Krishant Sharma\Desktop\RSITx64.exe"
"d:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 37F1F5B7-8CC2-A0A0-7C44-F2302655A74D -Reinvoke
D:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3735828731-1437705386-2555578275-1001Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3735828731-1437705386-2555578275-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}]
ASUS Security Protect Manager - D:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll [2006-10-25 181008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files (x86)\Java\jre6\bin\ssv.dll [2010-04-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - D:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=D:\Windows\system32\NvCpl.dll [2009-07-02 16330272]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-16 1211688]
"Launch LgDeviceAgent"=D:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-02-18 415816]
"Launch LCDMon"=D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-02-18 2093128]
"Launch LGDCore"=D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-02-18 4271688]
"RtHDVCpl"=D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"COMODO Internet Security"=D:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-04 8074184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=D:\Users\Krishant Sharma\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
"Sidebar"=D:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"NB Probe"=C:\Program Files\ASUS\NB Probe\NBProbe.exe [2008-06-21 813624]
"bluCTRL Receiver"=D:\Program Files (x86)\bluCTRL\bluCTRL Receiver\bluCTRLReceiver.exe []
"msnmsgr"=D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"AnyDVD"=D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2010-05-04 3464128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"=D:\PROGRA~2\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920]
"ATKOSD2"=D:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]
"ATKMEDIA"=D:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE [2008-02-01 61440]
"avast5"=D:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-29 2837864]
"AdobeCS4ServiceManager"=D:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=D:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-03 40368]
"Adobe ARM"=D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=D:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=D:\Program Files (x86)\Java\jre6\bin\jusched.exe [2010-04-30 136600]
"UnlockerAssistant"=D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe []
"RemoteControl10"=D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=D:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2010-04-02 75048]
"iTunesHelper"=D:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-06-15 141624]

D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook64.dll D:\Windows\system32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASCredProv64

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-01 08:09:25 ----D---- D:\Program Files\trend micro
2010-08-01 08:09:23 ----D---- D:\rsit
2010-07-30 16:26:01 ----D---- D:\Users\Krishant Sharma\AppData\Roaming\Malwarebytes
2010-07-30 16:25:52 ----A---- D:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-07-30 16:25:50 ----D---- D:\ProgramData\Malwarebytes
2010-07-30 16:25:50 ----D---- D:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-07-30 16:25:50 ----A---- D:\Windows\system32\drivers\mbam.sys
2010-07-30 13:53:34 ----D---- D:\Program Files (x86)\Seagate
2010-07-30 13:20:19 ----D---- D:\Program Files (x86)\DOSBox-0.74
2010-07-30 09:37:10 ----A---- D:\Windows\system32\drivers\pavboot64.sys
2010-07-30 09:37:03 ----D---- D:\Program Files (x86)\Panda Security
2010-07-15 11:14:55 ----A---- D:\Windows\system32\cdd.dll
2010-07-12 12:36:37 ----D---- D:\Users\Krishant Sharma\AppData\Roaming\ImgBurn
2010-07-12 12:35:40 ----D---- D:\Program Files (x86)\ImgBurn

======List of files/folders modified in the last 1 months======

2010-08-01 08:09:43 ----D---- D:\Windows\Prefetch
2010-08-01 08:09:38 ----D---- D:\Windows\Temp
2010-08-01 08:09:25 ----RD---- D:\Program Files
2010-08-01 08:07:44 ----D---- D:\Windows\winsxs
2010-08-01 08:07:33 ----D---- D:\Windows\System32
2010-08-01 08:07:26 ----D---- D:\Windows\system32\catroot
2010-08-01 08:06:06 ----SHD---- D:\System Volume Information
2010-08-01 08:05:30 ----D---- D:\Windows\system32\config
2010-07-31 13:35:20 ----RD---- D:\Program Files (x86)
2010-07-31 13:14:52 ----D---- D:\Program Files (x86)\Cheat Engine
2010-07-30 17:39:11 ----D---- D:\Windows\system32\Tasks
2010-07-30 17:33:33 ----D---- D:\Windows\rescache
2010-07-30 16:25:52 ----D---- D:\Windows\SYSWOW64\drivers
2010-07-30 16:25:50 ----HD---- D:\ProgramData
2010-07-30 16:25:50 ----D---- D:\Windows\system32\drivers
2010-07-30 13:53:41 ----SHD---- D:\Windows\Installer
2010-07-30 13:23:37 ----SD---- D:\Users\Krishant Sharma\AppData\Roaming\Microsoft
2010-07-30 11:21:03 ----D---- D:\Users\Krishant Sharma\AppData\Roaming\FileZilla
2010-07-30 09:36:33 ----D---- D:\Windows\Downloaded Program Files
2010-07-21 19:19:00 ----D---- D:\ProgramData\Microsoft Help
2010-07-15 11:14:05 ----D---- D:\Windows\system32\catroot2
2010-07-15 11:13:24 ----D---- D:\Windows\inf
2010-07-15 11:13:24 ----A---- D:\Windows\system32\PerfStringBackup.INI
2010-07-12 16:05:06 ----D---- D:\Windows
2010-07-11 13:32:34 ----D---- D:\Users\Krishant Sharma\AppData\Roaming\vlc
2010-07-10 11:19:08 ----D---- D:\Users\Krishant Sharma\AppData\Roaming\TeraCopy
2010-07-08 12:03:10 ----D---- D:\Windows\SysWOW64
2010-07-03 06:18:43 ----A---- D:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; D:\Windows\system32\DRIVERS\iaStor.sys [2008-05-07 395288]
R0 lullaby;lullaby; D:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 16440]
R0 pavboot;pavboot; D:\Windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; D:\Windows\System32\Drivers\sptd.sys [2010-03-16 834544]
R1 aswRdr;aswRdr; D:\Windows\system32\drivers\aswRdr.sys [2010-06-29 28752]
R1 aswSP;aswSP; D:\Windows\system32\drivers\aswSP.sys [2010-06-29 121936]
R1 aswTdi;avast! Network Shield Support; D:\Windows\system32\drivers\aswTdi.sys [2010-06-29 51280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; D:\Windows\System32\DRIVERS\cmdguard.sys [2010-07-09 236112]
R1 cmdHlp;COMODO Internet Security Helper Driver; D:\Windows\System32\DRIVERS\cmdhlp.sys [2010-06-04 33208]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ElbyCDIO;ElbyCDIO Driver; D:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-02 34472]
R1 inspect;COMODO Internet Security Firewall Driver; D:\Windows\system32\DRIVERS\inspect.sys [2010-06-04 85208]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/17 12:52:41]; \??\D:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 146928]
R2 adfs;adfs; D:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\D:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswFsBlk;aswFsBlk; D:\Windows\system32\drivers\aswFsBlk.sys [2010-06-29 20048]
R2 aswMonFlt;aswMonFlt; \??\D:\Windows\system32\drivers\aswMonFlt.sys [2010-06-29 61008]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R2 regi;regi; D:\Windows\system32\drivers\regi.sys [2007-04-16 14112]
R2 rimmptsk;rimmptsk; D:\Windows\system32\DRIVERS\rimmpx64.sys [2008-02-15 62976]
R2 rimsptsk;rimsptsk; D:\Windows\system32\DRIVERS\rimspx64.sys [2007-07-26 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; D:\Windows\system32\DRIVERS\rixdpx64.sys [2007-07-27 57856]
R3 AnyDVD;AnyDVD; D:\Windows\System32\Drivers\AnyDVD.sys [2010-04-24 123840]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); D:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 217352]
R3 BthEnum;Bluetooth Request Block Driver; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 btwaudio;Bluetooth Audio Device Service; D:\Windows\system32\drivers\btwaudio.sys [2008-03-17 92200]
R3 btwavdt;Bluetooth AVDT; D:\Windows\system32\drivers\btwavdt.sys [2008-03-17 121384]
R3 btwl2cap;Bluetooth L2CAP Service; D:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 36392]
R3 btwrchid;btwrchid; D:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 19880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\Windows\system32\drivers\RTKVHD64.sys [2010-04-06 2337440]
R3 kbfiltr;Keyboard Filter; D:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-04 17464]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; D:\Windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver; D:\Windows\System32\Drivers\LGPBTDD.sys [2009-07-01 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; D:\Windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 mod7700;DiBcom DIB7700 based TV tuner device; D:\Windows\System32\Drivers\dvb7700all.sys [2008-01-31 658432]
R3 MTsensor;ATK0100 ACPI UTILITY; D:\Windows\system32\DRIVERS\ATK64AMD.sys [2006-10-27 13680]
R3 netw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; D:\Windows\system32\DRIVERS\netw5v64.sys [2008-05-21 4736512]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8169;Realtek 8169 NT Driver; D:\Windows\system32\DRIVERS\Rtlh64.sys [2008-02-15 160768]
R3 sdbus;sdbus; D:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); D:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-13 1836800]
R3 SynTP;Synaptics TouchPad Driver; D:\Windows\system32\DRIVERS\SynTP.sys [2007-11-16 317488]
S3 AgereSoftModem;Agere Systems Soft Modem; D:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-11 1146880]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 MODEMCSA;Unimodem Streaming Filter Device; D:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 24064]
S3 pciide;pciide; D:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RTL8167;Realtek 8167 NT Driver; D:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-11 187392]
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 USBAAPL64;Apple Mobile USB Driver; D:\Windows\System32\Drivers\usbaapl64.sys [2009-10-16 50176]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASBroker;Logon Session Broker; D:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ASChannel;Local Communication Channel; D:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ASLDRService;ASLDR Service; D:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; D:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R2 Bonjour Service;Bonjour Service; D:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 btwdins;Bluetooth Service; D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 794664]
R2 CLPSLS;COMODO livePCsupport Service; D:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-04 2348600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; D:\Windows\system32\nvvsvc.exe [2009-07-02 382496]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-04 125496]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-29 40384]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2010-06-15 653616]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-21 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-21 655624]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; D:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]

-----------------EOF-----------------

##info.txt##

info.txt logfile of random's system information tool 1.08 2010-08-01 08:09:49

======Uninstall list======

-->D:\Program Files (x86)\InstallShield Installation Information\{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}\setup.exe -runfromtemp -l0x0409
µTorrent-->"D:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0465-000001000000}
Adobe AIR-->d:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Anchor Service x64 CS4-->MsiExec.exe /I{887797BF-37A5-4199-B0C9-0D38D6196E9A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CMaps x64 CS4-->MsiExec.exe /I{90BA8112-80B3-4617-A3C1-BD2771B60F74}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4 x64-->MsiExec.exe /I{8DAA31EB-6830-4006-A99F-4DF8AB24714F}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4 x64-->MsiExec.exe /I{A3454894-144A-4D80-B605-C128FE0D7329}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->D:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All x64-->MsiExec.exe /I{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4 x64-->MsiExec.exe /I{8875A1C0-6308-4790-8CF6-D34E89880052}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe PDF Library Files x64 CS4-->MsiExec.exe /I{DFFABE78-8173-4E97-9C5C-22FB26192FC5}
Adobe Photoshop CS4 (64 Bit)-->MsiExec.exe /I{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->D:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.2.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Type Support x64 CS4-->MsiExec.exe /I{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin x64-->MsiExec.exe /I{295CFB7C-A57E-4313-93E7-68E7CE1D0332}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Agere Systems HDA Modem-->agrsmdel
AnyDVD-->"D:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files (x86)\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{328CC232-CFDC-468B-A214-2E21300E4CB5}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\Setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}
ASUS Security Protect Manager-->rundll32.exe "D:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ATK Generic Function Service-->D:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->D:\Program Files (x86)\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9
ATKOSD2-->D:\Program Files (x86)\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
avast! Free Antivirus-->D:\Program Files\Alwil Software\Avast5\aswRunDll.exe "D:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}
Cheat Engine 5.6-->"D:\Program Files (x86)\Cheat Engine\unins000.exe"
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
COMODO livePCsupport-->MsiExec.exe /X{A31A5DFC-3439-48FC-99BB-5174168AE471}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CyberLink PowerDVD 10-->"D:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"D:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
DVD Shrink 3.2-->"D:\Program Files (x86)\DVD Shrink\unins000.exe"
EVEREST Ultimate Edition v5.30-->"D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Express Gate-->MsiExec.exe /I{8448D435-7543-411F-A0CC-7AA40D815E8F}
Farming-Simulator 2009-->"D:\Program Files (x86)\Farming-Simulator 2009\unins000.exe"
GIANTS Editor 4.1.2-->"D:\Program Files (x86)\GIANTS Software\GIANTS_Editor_4.1.2\unins000.exe"
Google Chrome Backup 1.8.0.141-->"D:\Program Files (x86)\Google Chrome Backup\unins000.exe"
Handbrake 0.9.4-->D:\Program Files (x86)\Handbrake\uninst.exe
ImgBurn-->"D:\Program Files (x86)\ImgBurn\uninstall.exe"
ITECIR-->D:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{53529DAD-F7C9-476E-87CC-1547C4E3E821}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech GamePanel Software 3.04.143-->MsiExec.exe /X{109945A8-D8D5-48B8-B4A5-195D3F99B56D}
MainConcept MCE Encoder 64bit-->MsiExec.exe /I{7494A815-527F-4338-8882-C6F96842A1BB}
Malwarebytes' Anti-Malware-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
Mozilla Firefox (3.6.3)-->D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NB Probe-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Notepad++-->D:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA Drivers-->D:\Windows\system32\nvuninst.exe UninstallGUI
Panda ActiveScan 2.0-->D:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw_x64-->MsiExec.exe /I{2D74E972-5A85-44DC-9193-8A302BA8C181}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->D:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\SETUP.EXE" -l0x9 anything
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB980376)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeraCopy 2.12-->"D:\Program Files\TeraCopy\unins000.exe"
The KMPlayer (remove only)-->"D:\Program Files (x86)\The KMPlayer\uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2202131)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A67392E8-282B-4BEF-8020-EF3DD664DE7B}
USB2.0 UVC 1.3M WebCam-->D:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam'
VLC media player 1.0.5-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->D:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinFlash-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
Wireless Console 2-->D:\Program Files (x86)\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x0009 -removeonly

======System event log======

Computer Name: KrishantSharma
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk2\DR7.
Record Number: 9001
Source Name: Disk
Time Written: 20100531010427.917970-000
Event Type: Error
User:

Computer Name: KrishantSharma
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 8997
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100531010340.554261-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: KrishantSharma
Event Code: 1014
Message: Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Record Number: 8974
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100529083601.596405-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: KrishantSharma
Event Code: 1014
Message: Name resolution for the name isatap.Belkin timed out after none of the configured DNS servers responded.
Record Number: 8956
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100529070353.660409-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: KrishantSharma
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR4.
Record Number: 8932
Source Name: Disk
Time Written: 20100529022626.938455-000
Event Type: Error
User:

=====Application event log=====

Computer Name: KrishantSharma
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 2028
Record Number: 7255
Source Name: Bonjour Service
Time Written: 20100529015422.000000-000
Event Type: Error
User:

Computer Name: KrishantSharma
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 7254
Source Name: Bonjour Service
Time Written: 20100529015422.000000-000
Event Type: Error
User:

Computer Name: KrishantSharma
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 1014
Record Number: 7253
Source Name: Bonjour Service
Time Written: 20100529015421.000000-000
Event Type: Error
User:

Computer Name: KrishantSharma
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 1014
Record Number: 7252
Source Name: Bonjour Service
Time Written: 20100529015421.000000-000
Event Type: Error
User:

Computer Name: KrishantSharma
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 7251
Source Name: Bonjour Service
Time Written: 20100529015421.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: KrishantSharma
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: KRISHANTSHARMA$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-3735828731-1437705386-2555578275-1001
Account Name: Krishant Sharma
Account Domain: KrishantSharma
Logon ID: 0xdd98af
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x378
Process Name: D:\Windows\SysWOW64\svchost.exe

Network Information:
Workstation Name: KRISHANTSHARMA
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4914
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100529021612.593149-000
Event Type: Audit Success
User:

Computer Name: KrishantSharma
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: KRISHANTSHARMA$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Krishant Sharma
Account Domain: KrishantSharma
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x378
Process Name: D:\Windows\SysWOW64\svchost.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 4913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100529021612.593149-000
Event Type: Audit Success
User:

Computer Name: KrishantSharma
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 504f8157-7ddc-4b1b-9329-8532c6cfb834
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 4912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100529021601.420510-000
Event Type: Audit Success
User:

Computer Name: KrishantSharma
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: 504f8157-7ddc-4b1b-9329-8532c6cfb834
Key Type: Machine key.

Key File Operation Information:
File Path: D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\056af9ffb25f48981a25a92d964d7798_034a06aa-73a0-4fc8-b512-6953867b82e0
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 4911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100529021601.420510-000
Event Type: Audit Success
User:

Computer Name: KrishantSharma
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3735828731-1437705386-2555578275-1001
Account Name: Krishant Sharma
Domain Name: KrishantSharma
Logon ID: 0x5fb41
Record Number: 4910
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100529005703.815074-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;D:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\bin;D:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;D:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

##MBAM Log##

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4369

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/07/2010 5:34:53 PM
mbam-log-2010-07-30 (17-34-53).txt

Scan type: Quick scan
Objects scanned: 131451
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Users\Krishant Sharma\Desktop\AutoClicker.exe (Trojan.AutoClick) -> Quarantined and deleted successfully.

## End MBAM log ##

The file it picked up I downloaded to test a little program I was working on, scanned it before using it and avast said it was clean.

Also running a full scan at the moment. Didn't realise it was set to quick before.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #6  Postby Clark76 » 01 Aug 2010 03:02

Kris,

Nothing showing up in the logs you provided. I am curious as to what panda may have found. Since it will not run for you we are going to try running a different online scanner instead. First I would like to update your version of Java though.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 21 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Re: Eratic CPU behaviour and random HDD activity

Post Number : #7  Postby Jack.Sparrow » 02 Aug 2010 01:05

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 2, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, July 31, 2010 23:31:19
Records in database: 4178720
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 344427
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 08:22:59


File name / Threat / Threats count
C:\Users\Krishant Sharma\AppData\Local\Temp\HPSUX0IL.VL7\selfupdate_5_2_0_13.exe Infected: not-a-virus:FraudTool.Win32.Agent.adv 1

Selected area has been scanned.

EDIT: Panda is working now, scanning at the moment, will post its log when it finishes :)
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #8  Postby Clark76 » 02 Aug 2010 04:41

Let me know when you have the results from the Panda scan and we will continue from there.
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Re: Eratic CPU behaviour and random HDD activity

Post Number : #9  Postby Jack.Sparrow » 02 Aug 2010 06:14

I closed it again :grr Get the same message again "Scan already running"

It's 2pm here at the moment, I have a flight to catch tomorrow morning @ 4am and will be away till mid day Friday, not sure about my internet connection availability at the moment. Will try a restart to see if I can scan again and if it finishes in time I'll post the results.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #10  Postby Jack.Sparrow » 02 Aug 2010 11:03

The scan is @ 31% at the moment, I don't see it finishing any time soon so I'll have to cancel it. I'll pick this up as soon as I get back on Friday, unless it gets closed :D Sorry for all the trouble.

EDIT: It let me save the results so far. I've attached them.
You need to be a registered member to view the files attached to this post.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #11  Postby Clark76 » 02 Aug 2010 13:05

Thanks for getting the partial results Kris. It confirms what I suspected Panda might have been picking up, mostly tracking cookies and some items in the Java cache.

Download CCleaner Slim and save it to your desktop.

* When the file has been saved, go to your desktop and double-click on ccsetupxxx_slim.exe
* Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.

* M ake sure cookies is checked for each browser listed under the Windows and Application tab
* Also make sure Java is checked under the Application tab
*You can uncheck any items you do not wish to have cleared out.

* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 24 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
* Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
* Exit CCleaner after it has completed its process.


Panda also found this file:
c:\users\krishant sharma\documents\downloads\unlocker1.8.7.exe

This might be a false positive. Since it appears you downloaded it deliberately, do you know anything about this file. If you are unsure we can run it through a scanner. Please let me know.

Other then that file your logs appear to be clean. Are you still having system issues?
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Re: Eratic CPU behaviour and random HDD activity

Post Number : #12  Postby Jack.Sparrow » 03 Aug 2010 11:37

I'll run CCCleaner once I'm back home after backup my passwords etc, just in case. Last time I tried clearing out my cookies using a program, I lost all my saved passwords.

Unlocker is a little program used to 'unlock' files to move or delete them. It seems fairly common -> http://ccollomb.free.fr/unlocker/

CPU is very calm at the moment. Only thing different is I haven't got my mouse(G5) and keyboard(G19) plugged in. Might be the Logitech software causing the issues.

Thanks for all the help Ben.
Kris.
Image
“Oh Gravity, thou art a heartless b**** ”

If TnT has saved you buying a new computer, please consider donating a small portion of the money saved. All donations are used to cover the costs of maintaining and running the site. :)
User avatar


Admin, Gaming Team
 
Posts: 1287
Joined: 18 September 2008
Location: Australia
OS: XP Pro/7 Ultimate x64
Highscores: 28

Re: Eratic CPU behaviour and random HDD activity

Post Number : #13  Postby Clark76 » 03 Aug 2010 23:16

Anytime Kris. Let me know if you run into any problems and need a hand with something.
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Re: Eratic CPU behaviour and random HDD activity

Post Number : #14  Postby Clark76 » 07 Aug 2010 03:59

Since this issue appears to be resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

Please read this BEFORE posting in the Malware Forum
Image

Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
User avatar


Security Analyst, Moderator

Security Analyst, Moderator
 
Posts: 732
Joined: 03 June 2009
Location: Cleveland, Ohio
OS: XP, 7 Ultimate, Ubuntu 9.10
Highscores: 4

Topic locked

Return to Solved Threads

www.tnthelpforum.com © 2008, 2009, 2010
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group