
Inactive [InActive] Hard drive is constantly being accessed, making noise

Discussion in 'Malware and Virus Removal Archive' started by adrian55, 2008/10/13.

  1. 2008/10/13
    adrian55

    adrian55 Inactive Thread Starter

    Joined:
    2008/10/13
    Messages:
    3
    Likes Received:
    0
    Hello

    About four hours ago, I must have accidentally downloaded some kind of file that has resulted in my computer constantly making a "thinking" noise, which I believe means that it is accessing the hard drive. It doesn't come in bursts or anything - it is a non-stop sequence of noises.

    To get more information about what is going on in my PC, I downloaded this program called "process monitor" from sysinternals.com, and it shows me that "rundll32.exe ", "UmxAgent.exe ", "Explorer.EXE ", and one other process called "lsass.exe" are all constantly running. I can see a long string of "RegOpenKey ", "RegCloseKey ", and "RegQueryValue" operations for these four processes (although only about 15 entries for lsass.exe).

    I am running Windows Vista Ultimate, 32-bit edition with Service Pack 1. I am using an AMD Phenom 9850 Quad-core processor (2.50 Ghz), with 4.00 GB of RAM, and an ATI Radeon 4800 series video card. I'm not sure any of that is necessary, but I wanted to give you as much info as possible. Also, after reading a few forum posts on similar issues, I have noticed how it is useful to include a "HiJackthis" log. I just typed in "HiJack this" into google and downloaded it from "trendsecure.com ". After installing and running, here is the log (completely untouched and unmodified):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:02:37 PM, on 13/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
    C:\Users\Piotr Bartnicki\Downloads\process monitor\Procmon.exe
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRLbbBT.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Piotr Bartnicki\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PIOTRB~1\AppData\Local\Temp\nnnllKCS.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PIOTRB~1\AppData\Local\Temp\tuvwuvwX.dll,#1
    O4 - HKCU\..\Run: [70668bbc] rundll32.exe "C:\Users\PIOTRB~1\AppData\Local\Temp\maxfbqjh.dll ",b
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 9359 bytes

    I normally just play music to drown it out, so it's not a huge rush or anything :). Maybe after this I will try to figure out why my computer normally takes 4-5 minutes to load all applications on start up, and why things are unusually slow in general. My computer is pretty much brand new, only 3 months old. Anyways, that is for another forum. I'd at least like it to stop making those noises.

    Thanks for the help!

    -Adrian
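A small parser for the HijackThis O4 autostart lines quoted in the log above, added here as an example; it is not part of the thread, of HijackThis, or of any vendor tool. The two flagging heuristics (a rundll32 loader whose DLL sits in a Temp folder, or whose DLL carries an 8-letter mixed-case name like the ones in this log) and the duplicate-name check are my own assumptions, not a signature.

```python
"""Flag suspicious rundll32 autostart entries in HijackThis 'O4' lines.

Added example, not code from the forum post or from HijackThis.
Heuristics below are assumptions chosen to match the entries seen in the
thread's log; they are a triage aid, not a definitive verdict.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# O4 - <hive>\..\Run: [<name>] <command>   (HKUS hives carry a SID segment)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# rundll32[.exe] ["]<dll>["],<export>   (export may be an ordinal like #1)
RUNDLL_RE = re.compile(
    r"^rundll32(?:\.exe)?\s+\"?(?P<dll>[^\",]+?)\"?\s*,\s*(?P<export>\S+)",
    re.IGNORECASE,
)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
EIGHT_LETTER_DLL_RE = re.compile(r"^[A-Za-z]{8}\.dll$")


@dataclass
class AutostartEntry:
    hive: str
    name: str
    command: str
    dll: Optional[str] = None          # DLL path when the command is a rundll32 loader
    reasons: List[str] = field(default_factory=list)


def suspicious_reasons(dll_path: str) -> List[str]:
    """Heuristic (assumed) indicators for a DLL launched through rundll32."""
    reasons: List[str] = []
    if TEMP_RE.search(dll_path):
        reasons.append("DLL loaded from a Temp folder")
    base = dll_path.rsplit("\\", 1)[-1]
    if EIGHT_LETTER_DLL_RE.match(base):
        stem = base[:-4]
        if stem != stem.lower() and stem != stem.upper():
            reasons.append("8-letter mixed-case DLL name")
    return reasons


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Return an AutostartEntry for a registry Run-key O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = AutostartEntry(m.group("hive"), m.group("name"), m.group("cmd").strip())
    r = RUNDLL_RE.match(entry.command)
    if r:
        entry.dll = r.group("dll").strip()
        entry.reasons = suspicious_reasons(entry.dll)
    return entry


def parse_all(log_text: str) -> List[AutostartEntry]:
    return [e for e in map(parse_o4, log_text.splitlines()) if e is not None]


def flag_entries(log_text: str) -> List[AutostartEntry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in parse_all(log_text) if e.reasons]


def duplicated_run_names(entries: List[AutostartEntry]) -> List[str]:
    """Run value names registered under more than one hive (e.g. HKLM and HKCU)."""
    by_name: Dict[str, Set[str]] = {}
    for e in entries:
        by_name.setdefault(e.name.lower(), set()).add(e.hive)
    return sorted(n for n, hives in by_name.items() if len(hives) > 1)


# Constructed excerpt built from lines of the thread's first HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRLbbBT.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PIOTRB~1\AppData\Local\Temp\nnnllKCS.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PIOTRB~1\AppData\Local\Temp\tuvwuvwX.dll,#1
O4 - HKCU\..\Run: [70668bbc] rundll32.exe "C:\Users\PIOTRB~1\AppData\Local\Temp\maxfbqjh.dll ",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
"""

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] {e.dll}: {'; '.join(e.reasons)}")
    print("Run names present under more than one hive:", duplicated_run_names(parse_all(SAMPLE_LOG)))
```

Run against the full log, the four rundll32 loaders from system32 and the user's Temp folder are flagged while the stock WindowsWelcomeCenter entry is not.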
     
  2. 2008/10/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS adrian55 :)

    Appears you have indeed picked up some infections. Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     


  4. 2008/10/16
    adrian55

    adrian55 Inactive Thread Starter

    Joined:
    2008/10/13
    Messages:
    3
    Likes Received:
    0
    Hi Noah

    I just wanted to update you that I installed and ran MBAM, found some malware and removed it, then shut down my computer because it was really late. When I get back home (I'm typing at university) I'll see how it works and hopefully edit this post with a full HijackThis log. The only problem is at home I can't seem to access my account on Windows BBS, as it constantly resets. I think this is probably related to my malware, but if it isn't I'm just letting you know I'm still here!

    -Adrian
     
  5. 2008/10/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks for the update Adrian.

    Please post with a new reply when you come back to this topic, so that I'll know you've responded. :)
     
  6. 2008/10/16
    adrian55

    adrian55 Inactive Thread Starter

    Joined:
    2008/10/13
    Messages:
    3
    Likes Received:
    0
    Okay, so here are the logs. I actually have two for MBAM since the first time I ran it I did a deep full-system scan, but it was already 1:00 AM and I wanted to go to sleep. So I stopped it and fixed the 4 malware objects I could see. I just restarted it today and found 2 more using the quick scan. Here are the logs in the respective order (4 then 2):

    Malwarebytes' Anti-Malware 1.28
    Database version: 1274
    Windows 6.0.6001 Service Pack 1

    16/10/2008 1:02:11 AM
    mbam-log-2008-10-16 (01-02-11).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 106238
    Time elapsed: 1 hour(s), 38 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Piotr Bartnicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C72I5S7\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Piotr Bartnicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C72I5S7\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Piotr Bartnicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKJVKS52\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Piotr Bartnicki\AppData\Local\Temp\tmp00011850 (Trojan.Vundo) -> Quarantined and deleted successfully.

    ---- ---- ----

    Log #2

    ---- ---- ----

    Malwarebytes' Anti-Malware 1.28
    Database version: 1274
    Windows 6.0.6001 Service Pack 1

    16/10/2008 10:29:43 PM
    mbam-log-2008-10-16 (22-29-43).txt

    Scan type: Quick Scan
    Objects scanned: 47885
    Time elapsed: 4 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Piotr Bartnicki\AppData\Local\Temp\TDSSf288.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Piotr Bartnicki\AppData\Local\Temp\TDSSf2e6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    --------
    Hijackthis log:
    --------

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Piotr Bartnicki at 2008-10-16 22:35:38
    Microsoft® Windows Vista™ Ultimate Service Pack 1
    System drive C: has 337 GB (71%) free of 477 GB
    Total RAM: 3326 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:09 PM, on 16/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Piotr Bartnicki\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Piotr Bartnicki\Virus Removal Software\Hijackthis\Hijackthis.exe
    C:\Program Files\trend micro\Piotr Bartnicki.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe "
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Piotr Bartnicki\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 8312 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\CAAntiSpywareScan_Daily as pawel bartnicki at 6 50 PM.job
    C:\Windows\tasks\ErrorSmart Scheduled Scan.job
    C:\Windows\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-14 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
    CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-06-23 275896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-06-23 275896]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
    "RtHDVCpl "=C:\Windows\RtHDVCpl.exe [2007-08-27 4702208]
    "JMB36X IDE Setup "=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "StartCCC "=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
    "itype "=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
    "IntelliPoint "=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
    "cctray "=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-09-09 181488]
    "CAVRID "=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]
    "capfasem "=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-09 173296]
    "cafw "=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-09 771312]
    "PC Pitstop Optimize Scheduler "=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [2007-01-04 1700864]
    "ErrorSmart "=C:\Program Files\ErrorSmart\ErrorSmart.exe []
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper "=C:\Users\Piotr Bartnicki\Downloads\Installs\iTunes\iTunesHelper.exe [2008-09-10 289576]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-14 144792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
    "Steam "=c:\program files\steam\steam.exe [2008-10-15 1410296]
    "Google Update "=C:\Users\Piotr Bartnicki\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]
    "WMPNSCFG "=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
    C:\Windows\system32\UmxWnp.Dll [2007-05-18 79368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C} "=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2008-06-23 1373624]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "EnableShellExecuteHooks "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74b98982-672d-11dd-9064-001a4d5eb100}]
    shell\Auto\command - E:\0wen0.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\0wen0.exe


    ======List of files/folders created in the last 1 months======

    2008-10-15 23:17:17 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\Malwarebytes
    2008-10-15 23:17:12 ----D---- C:\ProgramData\Malwarebytes
    2008-10-15 23:03:33 ----D---- C:\fixwareout
    2008-10-15 22:57:28 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-15 22:57:28 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-15 22:56:45 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-15 22:56:44 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-15 22:56:42 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-15 22:56:39 ----A---- C:\Windows\system32\wininet.dll
    2008-10-15 22:56:39 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-15 22:56:38 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-15 22:56:38 ----A---- C:\Windows\system32\mstime.dll
    2008-10-14 20:03:09 ----D---- C:\Windows\Registration
    2008-10-13 21:39:37 ----D---- C:\rsit
    2008-10-13 20:15:29 ----D---- C:\Windows\pss
    2008-10-13 18:53:08 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-10-13 17:56:45 ----D---- C:\Program Files\Trend Micro
    2008-10-13 17:04:23 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\Uniblue
    2008-10-13 17:02:18 ----HDC---- C:\ProgramData\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    2008-10-13 14:23:23 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\uTorrent
    2008-10-11 13:01:01 ----D---- C:\Program Files\GPLGS
    2008-10-11 12:59:59 ----D---- C:\Program Files\Acro Software
    2008-10-05 00:59:49 ----RHD---- C:\Users\Piotr Bartnicki\AppData\Roaming\SecuROM
    2008-10-05 00:59:12 ----D---- C:\Program Files\GameSpy
    2008-10-03 20:03:56 ----D---- C:\Program Files\iPod(1285)
    2008-09-28 10:55:11 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\Mozilla
    2008-09-28 10:54:44 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-27 16:03:42 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\Paltalk
    2008-09-27 16:03:36 ----D---- C:\Windows\PaltalkScene
    2008-09-27 16:03:36 ----D---- C:\Program Files\Paltalk Messenger
    2008-09-27 16:03:32 ----A---- C:\Windows\PaltalkScene Setup Log.txt
    2008-09-20 12:39:36 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-20 12:39:16 ----D---- C:\Program Files\Windows Live
    2008-09-20 12:37:38 ----D---- C:\ProgramData\WLInstaller
    2008-09-17 20:41:43 ----D---- C:\Program Files\Xvid
    2008-09-17 20:41:43 ----A---- C:\Windows\system32\xvidvfw.dll
    2008-09-17 20:41:43 ----A---- C:\Windows\system32\xvidcore.dll

    ======List of files/folders modified in the last 1 months======

    2008-10-16 22:36:01 ----D---- C:\Windows\Prefetch
    2008-10-16 22:35:36 ----D---- C:\Windows\Temp
    2008-10-16 22:28:44 ----D---- C:\Windows\System32
    2008-10-16 22:28:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-16 22:28:43 ----D---- C:\Windows\inf
    2008-10-16 22:25:40 ----D---- C:\Windows\winsxs
    2008-10-16 22:21:48 ----D---- C:\Program Files\Steam
    2008-10-16 22:21:30 ----D---- C:\Windows\system32\catroot
    2008-10-16 22:17:48 ----D---- C:\Windows\system32\migration
    2008-10-16 22:17:48 ----D---- C:\Windows\system32\drivers
    2008-10-16 22:17:48 ----D---- C:\Program Files\Windows Mail
    2008-10-16 22:13:56 ----SHD---- C:\System Volume Information
    2008-10-16 22:12:47 ----SHD---- C:\Windows\Installer
    2008-10-16 22:12:09 ----D---- C:\Program Files\iPod
    2008-10-15 23:22:17 ----D---- C:\Users\Piotr Bartnicki\AppData\Roaming\CallingID
    2008-10-15 23:17:12 ----HD---- C:\ProgramData
    2008-10-15 22:57:41 ----D---- C:\Windows\system32\catroot2
    2008-10-14 21:04:50 ----A---- C:\Windows\win.ini
    2008-10-14 20:03:49 ----D---- C:\Windows\system32\wbem
    2008-10-14 20:03:09 ----D---- C:\Windows
    2008-10-14 20:02:48 ----D---- C:\Windows\registration.tmp
    2008-10-14 19:40:51 ----D---- C:\Program Files\Bonjour
    2008-10-14 19:40:50 ----D---- C:\Windows\system32\Msdtc
    2008-10-14 19:39:38 ----D---- C:\Windows\system32\config
    2008-10-14 19:38:24 ----D---- C:\Windows\Tasks
    2008-10-14 19:38:24 ----D---- C:\Windows\tapi
    2008-10-14 19:38:24 ----D---- C:\Windows\system
    2008-10-14 19:38:23 ----HD---- C:\Windows\system32\GroupPolicy
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\spool
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\RTCOM
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\ja-JP
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\fr-FR
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\es-ES
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\en-US
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\de-DE
    2008-10-14 19:38:23 ----D---- C:\Windows\system32\CodeIntegrity
    2008-10-14 19:38:22 ----D---- C:\Windows\ShellNew
    2008-10-14 19:38:22 ----D---- C:\Windows\RaidTool
    2008-10-14 19:38:16 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-14 19:38:16 ----RSD---- C:\Windows\Fonts
    2008-10-14 19:38:16 ----RSD---- C:\Windows\assembly
    2008-10-14 19:38:16 ----D---- C:\Windows\IME
    2008-10-14 19:38:16 ----D---- C:\Windows\Help
    2008-10-14 19:38:01 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-14 19:38:00 ----D---- C:\Program Files\WinRAR
    2008-10-14 19:38:00 ----D---- C:\Program Files\uTorrent
    2008-10-14 19:37:59 ----D---- C:\Program Files\Safari
    2008-10-14 19:37:59 ----D---- C:\Program Files\QuickTime
    2008-10-14 19:37:58 ----D---- C:\Program Files\Microsoft Works
    2008-10-14 19:37:57 ----D---- C:\Program Files\Microsoft IntelliType Pro
    2008-10-14 19:37:57 ----D---- C:\Program Files\Microsoft IntelliPoint
    2008-10-14 19:37:57 ----D---- C:\Program Files\Microsoft ActiveSync
    2008-10-14 19:37:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-14 19:37:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-14 19:37:56 ----D---- C:\Program Files\Common Files\Steam
    2008-10-14 19:37:56 ----D---- C:\Program Files\Common Files\Scanner
    2008-10-14 19:37:56 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-10-14 19:37:49 ----D---- C:\Program Files\Apple Software Update
    2008-10-14 19:37:02 ----D---- C:\Program Files\Common Files\Adobe
    2008-10-14 19:36:59 ----SHD---- C:\$Recycle.Bin
    2008-10-14 19:36:57 ----D---- C:\Windows\WindowsMobile
    2008-10-14 19:36:57 ----D---- C:\Windows\Web
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\XPSViewer
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\winrm
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\WCN
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\sysprep
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\Speech
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\SMI
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\slmgr
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\RemInst
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\Printing_Admin_Scripts
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\oobe
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\MUI
    2008-10-14 19:36:57 ----D---- C:\Windows\system32\migwiz
    2008-10-14 19:36:56 ----D---- C:\Windows\system32\licensing
    2008-10-14 19:36:56 ----D---- C:\Windows\system32\IME
    2008-10-14 19:36:56 ----D---- C:\Windows\system32\com
    2008-10-14 19:36:56 ----D---- C:\Windows\Speech
    2008-10-14 19:36:56 ----D---- C:\Windows\ServiceProfiles
    2008-10-14 19:36:56 ----D---- C:\Windows\schemas
    2008-10-14 19:36:56 ----D---- C:\Windows\Resources
    2008-10-14 19:36:56 ----D---- C:\Windows\PolicyDefinitions
    2008-10-14 19:36:56 ----D---- C:\Windows\PLA
    2008-10-14 19:36:56 ----D---- C:\Windows\MSAgent
    2008-10-14 19:36:56 ----D---- C:\Windows\ehome
    2008-10-14 19:36:56 ----D---- C:\Windows\DigitalLocker
    2008-10-14 19:36:56 ----D---- C:\Windows\Branding
    2008-10-14 19:36:55 ----RD---- C:\Program Files
    2008-10-14 19:36:55 ----D---- C:\Windows\AppPatch
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Sidebar
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Photo Gallery
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows NT
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Media Player
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Journal
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Defender
    2008-10-14 19:36:55 ----D---- C:\Program Files\Windows Calendar
    2008-10-14 19:36:54 ----D---- C:\Program Files\Movie Maker
    2008-10-14 19:36:54 ----D---- C:\Program Files\Microsoft Games
    2008-10-14 19:36:54 ----D---- C:\Program Files\Internet Explorer
    2008-10-14 19:36:54 ----D---- C:\Program Files\Common Files\System
    2008-10-14 19:36:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-10-14 19:36:54 ----D---- C:\Program Files\Common Files
    2008-10-14 18:17:13 ----D---- C:\Windows\system32\WDI
    2008-10-13 21:54:40 ----D---- C:\Windows\Logs
    2008-10-13 19:00:31 ----SD---- C:\ProgramData\Microsoft
    2008-10-10 18:24:11 ----A---- C:\caisslog.txt
    2008-10-07 15:19:40 ----A---- C:\Windows\system32\mrt.exe
    2008-10-05 00:55:17 ----D---- C:\Windows\system32\LogFiles
    2008-10-03 20:03:54 ----D---- C:\ProgramData\Apple Computer
    2008-09-21 22:22:54 ----SD---- C:\Users\Piotr Bartnicki\AppData\Roaming\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
    R1 KmxAgent;KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
    R1 KmxFile;KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
    R1 KmxFilter;HIPS Core Filter Driver; C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-09-05 51728]
    R1 VETEFILE;VET File Scan Engine; C:\Windows\system32\drivers\VETEFILE.sys [2008-07-28 880560]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\Windows\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
    R1 VET-FILT;VET File System Filter; C:\Windows\system32\drivers\VET-FILT.sys [2008-09-09 26352]
    R1 VETMONNT;VET File Monitor; C:\Windows\system32\drivers\VETMONNT.sys [2008-09-09 32240]
    R1 VET-REC;VET File System Recognizer; C:\Windows\system32\drivers\VET-REC.sys [2008-09-09 21104]
    R2 KmxCF;KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [2008-06-24 138744]
    R2 KmxSbx;KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-14 3691520]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-28 1951000]
    R3 KmxCfg;KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
    R3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\netr61.sys [2006-08-25 274432]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-25 84480]
    R3 VETEBOOT;VET Boot Scan Engine; C:\Windows\system32\drivers\VETEBOOT.sys [2008-07-28 108368]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
    S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
    S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
    S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-28 16512]
    S3 jnv4_mib;jnv4_mib; C:\Windows\system32\drivers\jnv4_mib.sys []
    S3 MRV6X32P;Vista 32-bits Native WiFi Driver; C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 253952]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-14 679936]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-07-28 144696]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
    R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-01-21 1010192]
    R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-01-21 801296]
    R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
    R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
    R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-09-09 214256]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
    S2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-09-05 145936]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------

    And as a final note, I have to say that the problem is fixed, and the computer is very quiet. So thank you for the assistance, I'm glad this problem was so easy to solve! It also turns out that I can't log into this site with the Apple Safari web browser, but I tried IE and it works fine.

    -Adrian
     
  7. 2008/10/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    There's still a bit to do. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new RSIT log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
