PDA

View Full Version : Virtumonde



dudforla
2008-11-05, 04:20
http://forums.spybot.info/showthread.php?p=248103#post248103
recently I had a similar problem. Is my computer still not fixed?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:34 PM, on 11/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 1566 bytes

Shaba
2008-11-05, 12:04
Hi dudforla

Your HijackThis log isn't complete.

Right-click HijackThis.exe, choosen run as administrator, click do a system scan only and save a logfile and post back a fresh HijackThis log, please :)

dudforla
2008-11-05, 17:38
Hi Shaba I have to run now Be back in 6-7 hours.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:00 AM, on 11/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8849 bytes

Shaba
2008-11-05, 17:44
Have you uninstalled Symantec?

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

dudforla
2008-11-06, 01:27
never had symantics i believe
only one Log file opened.



Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-05 15:23:59
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 341 GB (73%) free of 469 GB
Total RAM: 1918 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:04 PM, on 11/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8877 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-31 03:03:21 ----A---- C:\ComboFix.txt
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-06 19:23:15 ----D---- C:\Users\Sam\AppData\Roaming\Yahoo!
2008-10-06 19:23:15 ----D---- C:\ProgramData\Yahoo! Companion

======List of files/folders modified in the last 1 months======

2008-11-05 15:23:33 ----D---- C:\Windows\Prefetch
2008-11-04 23:43:36 ----SHD---- C:\System Volume Information
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 03:01:00 ----D---- C:\Program Files\Common Files
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 11:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

dudforla
2008-11-06, 10:07
never had symantics i believe
only one Log file opened.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-05 15:23:59
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 341 GB (73%) free of 469 GB
Total RAM: 1918 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:04 PM, on 11/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8877 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-31 03:03:21 ----A---- C:\ComboFix.txt
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-06 19:23:15 ----D---- C:\Users\Sam\AppData\Roaming\Yahoo!
2008-10-06 19:23:15 ----D---- C:\ProgramData\Yahoo! Companion

======List of files/folders modified in the last 1 months======

2008-11-05 15:23:33 ----D---- C:\Windows\Prefetch
2008-11-04 23:43:36 ----SHD---- C:\System Volume Information
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 03:01:00 ----D---- C:\Program Files\Common Files
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 11:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------


I deleted all Symantec files that I could find. I believe i already uninstalled two years ago.
I still only receieve one Log when I run RSIT

Here is the recent one.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-06 00:06:39
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 338 GB (72%) free of 469 GB
Total RAM: 1918 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:45 AM, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8825 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-31 03:03:21 ----A---- C:\ComboFix.txt
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-06 00:05:12 ----D---- C:\Windows\Prefetch
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-05 21:31:26 ----SHD---- C:\System Volume Information
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 11:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

Shaba
2008-11-06, 12:12
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

dudforla
2008-11-06, 17:21
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
Apple Mobile Device Support
Apple Software Update
Battlefield 2: Special Forces
Bonjour
Canon MP600
C-Media PCI Audio Driver
dBpoweramp m4a Codec
Enhanced Multimedia Keyboard Solution
Fraps (remove only)
Free Mp3/Wma/Ogg Converter 4.0.1
GoldWave v5.20
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Core
HP Easy Setup - Frontend
HP On-Screen Caps/Num/Scroll Lock Indicator
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HyperCam 2
iTunes
Java(TM) 6 Update 7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Media Video 9 VCM
Microsoft Works
Mozilla Firefox (2.0.0.17)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
My HP Games
NVIDIA Drivers
Panda ActiveScan 2.0
Pocket RAR documentation
Project Reality 0809 Core
Project Reality 0809 Levels
Python 2.4.3
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
TeamSpeak 2 RC2
Update for Office 2007 (KB946691)
Ventrilo Client
VeohTV BETA
Verizon High Speed Internet
Windows Live Messenger
Windows Live Photo Gallery
WinFF 0.4
WinRAR archiver
Xfire (remove only)
Yahoo! Toolbar

Shaba
2008-11-06, 17:28
Please post next contents of C:\ComboFix.txt :)

dudforla
2008-11-07, 01:47
would this be it ?

ComboFix 08-10-30.12 - Sam 2008-10-31 3:59:21.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1214 [GMT -7:00]
Running from: C:\Users\Sam\Desktop\ComboFix.exe
Command switches used :: C:\Users\Sam\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\vghd.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\DNA
C:\Program Files\DNA\btdna.exe
C:\Program Files\DNA\DNAcpl.cpl
C:\Program Files\DNA\plugins\npbtdna.dll
C:\Program Files\FrostWire
C:\Program Files\FrostWire\log.txt
C:\Program Files\vghd
C:\Program Files\vghd\dxmodules.dll
C:\Program Files\vghd\msvcr70.dll
C:\Program Files\vghd\System.dll
C:\Program Files\vghd\vghd.exe
C:\Program Files\vghd\vhd.dll
C:\Program Files\vghd\VirtuaGirl_Downloader.exe
C:\Program Files\vghd\Windows.dll
C:\Program Files\vghd\WindowsEx.dll
C:\Temp\xp34
C:\Temp\xp34\cPH.log
C:\Users\Sam\AppData\Roaming\LimeWire
C:\Users\Sam\AppData\Roaming\LimeWire\412splashfree.png
C:\Users\Sam\AppData\Roaming\LimeWire\412splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\414splashfree.png
C:\Users\Sam\AppData\Roaming\LimeWire\certificate\limewire.keystore
C:\Users\Sam\AppData\Roaming\LimeWire\createtimes.cache
C:\Users\Sam\AppData\Roaming\LimeWire\data.ser
C:\Users\Sam\AppData\Roaming\LimeWire\downloads.dat
C:\Users\Sam\AppData\Roaming\LimeWire\fileurns.bak
C:\Users\Sam\AppData\Roaming\LimeWire\fileurns.cache
C:\Users\Sam\AppData\Roaming\LimeWire\filters.props
C:\Users\Sam\AppData\Roaming\LimeWire\gnutella.net
C:\Users\Sam\AppData\Roaming\LimeWire\installation.props
C:\Users\Sam\AppData\Roaming\LimeWire\library.dat
C:\Users\Sam\AppData\Roaming\LimeWire\limewire.props
C:\Users\Sam\AppData\Roaming\LimeWire\mojito.props
C:\Users\Sam\AppData\Roaming\LimeWire\promotion\promodb.backup
C:\Users\Sam\AppData\Roaming\LimeWire\promotion\promodb.data
C:\Users\Sam\AppData\Roaming\LimeWire\promotion\promodb.properties
C:\Users\Sam\AppData\Roaming\LimeWire\promotion\promodb.script
C:\Users\Sam\AppData\Roaming\LimeWire\pub1.key
C:\Users\Sam\AppData\Roaming\LimeWire\public.key
C:\Users\Sam\AppData\Roaming\LimeWire\questions.props
C:\Users\Sam\AppData\Roaming\LimeWire\responses.cache
C:\Users\Sam\AppData\Roaming\LimeWire\secureMessage.key
C:\Users\Sam\AppData\Roaming\LimeWire\simpp.xml
C:\Users\Sam\AppData\Roaming\LimeWire\spam.dat
C:\Users\Sam\AppData\Roaming\LimeWire\tables.props
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\dir_closed.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\dir_open.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\kill_on.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\lime.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\logo.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\notsearching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\black_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\dir_closed.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\dir_open.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\logo.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\notsearching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\search.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\classic_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\dir_closed.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\dir_open.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\kill_on.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\lime.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\logo.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\notsearching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewire_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\logo.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\notsearching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\kill_on.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\logo.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\notsearching.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\other_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\splash.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\splashpro.png
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
C:\Users\Sam\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
C:\Users\Sam\AppData\Roaming\LimeWire\ttree.cache
C:\Users\Sam\AppData\Roaming\LimeWire\ttrees.cache
C:\Users\Sam\AppData\Roaming\LimeWire\ttroot.cache
C:\Users\Sam\AppData\Roaming\LimeWire\update.xml
C:\Users\Sam\AppData\Roaming\LimeWire\version.key
C:\Users\Sam\AppData\Roaming\LimeWire\version.xml
C:\Users\Sam\AppData\Roaming\LimeWire\versions.props
C:\Users\Sam\AppData\Roaming\LimeWire\xml\data\audio.sxml2
C:\Users\Sam\AppData\Roaming\LimeWire\xml\data\delete_me
C:\Users\Sam\AppData\Roaming\LimeWire\xml\misc\application.gif
C:\Users\Sam\AppData\Roaming\LimeWire\xml\misc\audio.gif
C:\Users\Sam\AppData\Roaming\LimeWire\xml\misc\document.gif
C:\Users\Sam\AppData\Roaming\LimeWire\xml\misc\image.gif
C:\Users\Sam\AppData\Roaming\LimeWire\xml\misc\video.gif
C:\Users\Sam\AppData\Roaming\LimeWire\xml\schemas\application.xsd
C:\Users\Sam\AppData\Roaming\LimeWire\xml\schemas\audio.xsd
C:\Users\Sam\AppData\Roaming\LimeWire\xml\schemas\document.xsd
C:\Users\Sam\AppData\Roaming\LimeWire\xml\schemas\image.xsd
C:\Users\Sam\AppData\Roaming\LimeWire\xml\schemas\video.xsd
C:\Users\Sam\AppData\Roaming\uTorrent
C:\Users\Sam\AppData\Roaming\uTorrent\[051028][TYPE-MOON](129181) Fate/hollow ataraxia (1DVD)(iso)(dummycut).torrent
C:\Users\Sam\AppData\Roaming\uTorrent\2008_Sexiest_UK_Girl_Wallpapers_Widescreen_Edition_freewareboard.com.rar.1.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\2008_Sexiest_UK_Girl_Wallpapers_Widescreen_Edition_freewareboard.com.rar.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\3D Custom Girl + Uncensored Patch.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\Battlefield 1942.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\Battlefield 2142 Northern Strike PC.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\BattleField.2142.Northern.Strike-CLaiN.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\BF2.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\dht.dat
C:\Users\Sam\AppData\Roaming\uTorrent\dht.dat.old
C:\Users\Sam\AppData\Roaming\uTorrent\pr_0809_core_setup.exe.torrent
C:\Users\Sam\AppData\Roaming\uTorrent\resume.dat
C:\Users\Sam\AppData\Roaming\uTorrent\resume.dat.old
C:\Users\Sam\AppData\Roaming\uTorrent\rss.dat
C:\Users\Sam\AppData\Roaming\uTorrent\rss.dat.old
C:\Users\Sam\AppData\Roaming\uTorrent\settings.dat
C:\Users\Sam\AppData\Roaming\uTorrent\settings.dat.old
C:\Users\Sam\AppData\Roaming\uTorrent\utorrent-help.zip
C:\Users\Sam\AppData\Roaming\uTorrent\utorrent.chm
C:\Users\Sam\AppData\Roaming\uTorrent\utorrent.lng
C:\Users\Sam\AppData\Roaming\vghd
C:\Users\Sam\AppData\Roaming\vghd\Data\musics\musiclist.mpl
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backabout.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backcalendar.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backcollection.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backdelete.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backdownload_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backdownload_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backenterpassword.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\background.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backplaylists.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backregister_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backregister_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backscreensaver.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backsettings_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backsettings_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backwarnbox.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\backwarnbox_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_add_playlist_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_add_playlist_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_add_playlist_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_add_playlist_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_buy_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_small.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_small_click.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_small_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancel_small_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancelregister_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancelregister_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancelregister_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_cancelregister_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_confirm_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_confirm_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_confirm_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_confirm_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_playlist_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_playlist_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_playlist_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_delete_playlist_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_download_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_downloadtrailer_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_enable_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_finish_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_finish_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_finish_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_finish_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_no_click.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_no_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_no_on.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_no_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_playlist_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_playlist_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_playlist_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_playlist_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_small.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_ok_small_click.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset1_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset1_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset1_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset1_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset2_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset2_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset2_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset2_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset3_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset3_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset3_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset3_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset4_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset4_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset4_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preset4_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preview_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preview_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preview_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_preview_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_previewsmall_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_previewsmall_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_previewsmall_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_previewsmall_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_products.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_resetdisabled_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_select_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_select_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_select_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_select_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_off_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_off_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_show_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_skins.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_toggle_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_toggle_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_toggle_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_toggle_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_whatsnew_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_whatsnew_click_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_whatsnew_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_whatsnew_on_us.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_yes_click.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_yes_click_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_yes_on.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\button_yes_on_fr.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\calendar_comingsoon.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\calendar_nocard.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\checkbox.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_about.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_calendar.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_collection.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_downloads.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_settings.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\down_settings2.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\empty_girl.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\favorite.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\favorite_selected.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\list_disabled.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\list_enabled.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\logo.BMP
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\plus.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\radio.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\register_sticker.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr00001.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr00003.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr00004.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr00005.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr1.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr3.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr4.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\scr5.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\slider.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tip_background.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tooltip_button.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tooltip_button_click.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tooltip_check_off.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tooltip_check_on.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\tooltip_close.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_about.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_calendar.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_collection.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_downloads.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_settings.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\up_settings2.bmp
C:\Users\Sam\AppData\Roaming\vghd\Data\skins\VirtuaGirlHD\classic skin\vgirl.pack
C:\Windows\System32\ec2
C:\Windows\System32\EV02
C:\Windows\System32\fs3
C:\Windows\System32\m3v
C:\Windows\System32\PX
C:\Windows\System32\vghd.scr
C:\Windows\System32\wi

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 01:07 . 2008-10-31 01:07 <DIR> d-------- C:\Users\Sam\Incomplete
2008-10-30 23:57 . 2008-10-30 23:57 <DIR> d-------- C:\Windows\Sun
2008-10-30 23:03 . 2008-10-30 23:03 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-10-30 17:38 . 2008-10-30 17:38 <DIR> d-------- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 17:38 . 2008-10-30 17:38 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-30 17:38 . 2008-10-30 17:38 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-30 17:38 . 2008-10-31 02:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 15:26 . 2008-10-30 15:26 <DIR> d-------- C:\rsit
2008-10-29 21:15 . 2008-10-29 21:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-29 16:53 . 2008-10-31 04:00 <DIR> d-------- C:\Temp
2008-10-29 16:52 . 2008-10-29 16:52 21,504 --a------ C:\Windows\System32\drivers\sdtr.sys
2008-10-29 16:33 . 2008-10-29 16:40 3 --a------ C:\Windows\sbacknt.bin
2008-10-28 18:45 . 2008-08-11 20:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 18:45 . 2008-09-17 21:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 18:45 . 2008-09-17 21:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-26 15:50 . 2008-10-31 02:07 183,128 --a------ C:\Windows\System32\PnkBstrB.exe
2008-10-26 15:50 . 2008-10-31 02:09 138,464 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-10-26 15:50 . 2008-10-26 15:50 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-10-24 17:26 . 2008-10-24 17:26 <DIR> d-------- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-18 14:40 . 2008-10-18 14:40 <DIR> d-------- C:\AeriaGames
2008-10-17 21:44 . 2008-10-17 21:44 <DIR> d-------- C:\Users\Sam\Program Files
2008-10-14 17:03 . 2008-09-17 22:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-14 17:03 . 2008-09-17 22:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-14 17:03 . 2008-09-17 19:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-14 17:03 . 2008-10-01 18:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-14 17:03 . 2008-10-01 20:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 17:03 . 2008-08-26 18:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-06 20:23 . 2008-10-06 20:23 <DIR> d-------- C:\Users\Sam\AppData\Roaming\Yahoo!
2008-10-06 20:23 . 2008-10-18 15:33 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-10-06 20:23 . 2008-10-18 15:33 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-10-03 07:15 . 2008-10-03 07:15 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 07:15 . 2008-10-03 07:15 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 07:15 . 2008-10-03 07:15 <DIR> d-------- C:\Program Files\iTunes
2008-10-03 07:15 . 2008-10-03 07:15 <DIR> d-------- C:\Program Files\iPod
2008-10-01 13:01 . 2008-10-01 13:01 32,000 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-21 17:07 . 2008-09-21 17:07 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-09-19 06:27 . 2008-10-24 17:26 <DIR> d-------- C:\Program Files\EA GAMES
2008-09-15 16:05 . 2008-09-15 16:05 <DIR> d-------- C:\Program Files\Free Mp3WmaOgg Converter
2008-09-15 16:05 . 2007-10-24 18:57 835,584 --a------ C:\Windows\System32\NCTAudioCDGrabber2.dll
2008-09-14 00:54 . 2008-09-14 00:54 <DIR> d-------- C:\Program Files\Veoh Networks
2008-09-12 07:24 . 2008-09-12 07:24 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-12 07:24 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-12 07:24 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-12 07:22 . 2008-09-12 07:22 <DIR> d-------- C:\Program Files\QuickTime
2008-09-12 07:22 . 2008-09-12 07:22 <DIR> d-------- C:\Program Files\Bonjour
2008-09-10 03:57 . 2008-07-30 18:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 03:57 . 2008-08-01 18:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 03:57 . 2008-06-25 20:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 03:57 . 2008-06-25 20:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 03:57 . 2008-05-08 12:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 03:57 . 2008-05-19 19:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 03:57 . 2008-06-25 20:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 03:57 . 2008-08-01 20:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 03:57 . 2008-07-30 20:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 09:05 --------- d-----w C:\Program Files\Java
2008-10-30 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-29 23:59 --------- d--h--w C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 06:56 --------- d-----w C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 22:31 682,280 ----a-w C:\Windows\System32\pbsvc.exe
2008-10-25 00:01 --------- d-----w C:\Program Files\Electronic Arts
2008-10-23 22:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-22 23:45 21,248 ----a-w C:\Windows\Help\OEM\Scripts\HPScript.exe
2008-10-15 14:12 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 06:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-27 20:55 --------- d---a-w C:\ProgramData\TEMP
2008-09-27 06:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-15 23:00 --------- d-----w C:\Program Files\Blaze Media Pro
2008-09-15 06:02 --------- d-----w C:\Program Files\HooTech
2008-09-12 14:22 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 22:44 --------- d-----w C:\Program Files\Microsoft Works
2008-08-30 20:08 --------- d-----w C:\Program Files\Fate/hollow ataraxia
2008-08-30 19:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-30 19:00 --------- d-----w C:\Users\Sam\AppData\Roaming\Roxio
2008-08-30 07:06 --------- d-----w C:\Program Files\HP
2008-08-30 07:03 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-29 17:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-19 19:16 131,072 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 05:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-19 01:19 174 --sha-w C:\Program Files\desktop.ini
2007-12-21 20:58 22,328 ----a-w C:\Users\Sam\AppData\Roaming\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_22.55.01.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 01:00:33 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-31 05:53:02 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-10-30 02:54:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-31 08:50:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-30 02:54:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-31 08:50:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-30 02:54:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-31 08:50:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-31 00:44:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-31 10:58:44 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-31 00:54:29 104,834 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-31 08:16:59 104,834 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-31 00:54:29 603,774 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-31 08:16:59 603,774 ----a-w C:\Windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 03:46 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-01-26 13:30 73728 --------- C:\Users\Sam\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2548796055-3142071288-23208715-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F9769C7B-896E-4EFD-8212-FFE507F32B4A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C43FA443-9BDB-47BA-A655-B188A5165C47}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A505F2CA-2F96-482D-BCB8-DAE1EC95354A}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4244B846-ACB8-4011-A774-E5BCDD004D5C}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6DA29B0A-B117-424B-AC47-BB99BD4E57AC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5119FB1A-4EE3-44BF-A5BA-7B7B3EE49601}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0EE9970A-D8EF-4A4F-A063-FCC5A951ADD3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E7709959-0D93-49BB-9A35-0DE6F5F35F4A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1BBCBE8B-ECD2-43A0-AEF4-00F07B1CCFD6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{99E30E7E-F47A-49F1-A812-BFC1D2E910DD}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E1CE631F-904C-41E5-9894-F49B9A0575A6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CB6AFA01-4D4D-42E3-B0CF-287B21E4A6A6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9B246A7-FCE4-4452-8417-859DC8A211C4}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{34F1BA11-2001-4C0E-810D-F96BDE3B4C6E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{31707E77-5F2A-402F-99CF-3BBBF0FDEF48}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C9FD1D12-A989-4A12-87B3-D18037153F7D}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C21ADAB3-9D52-48E6-8A01-21A0044A77F5}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{034E55D6-3D87-409C-A97E-F16A29EC9EB3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{A66A30B0-F12F-4B53-A96B-BDD521146BFF}C:\\program files\\steam\\steamapps\\dudforla53\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\dudforla53\counter-strike source\hl2.exe:hl2
"UDP Query User{C6981A8D-4018-4094-A5D5-A47518268C51}C:\\program files\\steam\\steamapps\\dudforla53\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\dudforla53\counter-strike source\hl2.exe:hl2
"TCP Query User{42400786-8871-43F3-8267-1F151E0F8462}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{554756E3-ED2F-4020-8D35-A9407200344A}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"TCP Query User{225B4AA2-9718-40AD-B4D9-2A5425871F13}C:\\nexon\\maplestory\\patcher.exe"= UDP:C:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
"UDP Query User{5ACFC794-6023-4ABD-908C-4642485B9E4B}C:\\nexon\\maplestory\\patcher.exe"= TCP:C:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
"TCP Query User{D2E7F4B3-6CC3-4818-B4B5-5D6917917708}C:\\nexon\\maplestory\\newpatcher.exe"= UDP:C:\nexon\maplestory\newpatcher.exe:Patcher MFC ?? ????
"UDP Query User{10A28B8D-43F1-499D-B21A-726C468EEB5E}C:\\nexon\\maplestory\\newpatcher.exe"= TCP:C:\nexon\maplestory\newpatcher.exe:Patcher MFC ?? ????
"TCP Query User{20926430-4AB7-4D1D-AE11-E8149977F10F}C:\\ijji\\english\\u_sf\\soldierfront.exe"= Disabled:UDP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{A88FA4DB-0210-484E-8D11-DDB2121FDF83}C:\\ijji\\english\\u_sf\\soldierfront.exe"= Disabled:TCP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{36B4F7F1-169C-4DEE-8574-60D4039EA535}C:\\program files\\patcher.exe"= UDP:C:\program files\patcher.exe:Patcher MFC ?? ????
"UDP Query User{8821AED1-0960-400F-9AA2-E3FFAE72DEF9}C:\\program files\\patcher.exe"= TCP:C:\program files\patcher.exe:Patcher MFC ?? ????
"TCP Query User{96F1CE02-4C73-4695-8C6F-5897C3BF6F3F}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{70E4FB77-09C3-4F65-ABD7-921BDE65D68D}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{4B8B7E7E-6FDA-4D1A-BD97-C9BC74C76F34}C:\\program files\\newpatcher.exe"= UDP:C:\program files\newpatcher.exe:Patcher MFC ?? ????
"UDP Query User{C581519E-ACAD-4872-A261-A8557FF3F22C}C:\\program files\\newpatcher.exe"= TCP:C:\program files\newpatcher.exe:Patcher MFC ?? ????
"TCP Query User{317F6A51-F55E-40C9-AFDD-5D65DFFE8628}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{B277742E-3819-45A5-B009-84837CDD7F27}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"{1CAA87E5-DF6A-44C0-9E05-7B0135796000}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C5AA2223-4BC1-455A-8253-6C15C296A7EB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{EEAB8383-2283-43F3-944A-7AE4DEEFA0B3}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5D809320-D574-42C9-B5F8-77B64F88C208}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F4D85DE7-6670-4D84-BCBC-B4129918DF93}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{192BBCFE-5380-49F4-BF3C-A38DD2004994}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{24FFFD03-9A3A-418E-A709-A4F6309A3161}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6011C803-69E3-4DEA-90A7-943C0774CDD6}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FA7413EE-DA2D-41E5-AC6C-B9F180333596}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{4BA28EFD-1318-4DB4-A4EF-C510569E1B3D}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{360E2AC8-61A9-4676-B4A0-A4760848C57B}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{C7BC6FCD-49FC-45FE-ADE4-9D80BF9E67D0}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{B279F710-6590-4D8C-8901-91A3B7E4D5C3}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{C616EEC7-7B62-4E31-A7E7-56BDEFAC233D}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{5B7BEE7E-EE78-490A-B15C-77375277EB18}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{E5F4F2B3-5E20-4B2B-B64D-8903F4E1713A}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{8A1174CC-03D8-4663-A287-CBD8B03075E3}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{1EE4DF9D-FDEA-493A-BD4D-7CAA293D6FCC}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F18AF929-9720-4CC7-904A-44AFDFCF70FD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5FB159F3-2EC0-478B-AAF4-C402842B1EFF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8A999894-C08F-456A-A95A-C6DEB6D1366C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ED79165D-61E0-4724-BC8F-05487D2E929E}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{968FCA9A-0699-4D07-B797-ECEE24E99099}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\River Past\\Screen Recorder Pro\\ScreenRecorderPro.exe"= C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro
"C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
S1 sdtr;sdtr;C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S3 ctgame;Game Port;C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]

*Newly Created Service* - PNKBSTRK
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 04:02:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 4:03:20
ComboFix-quarantined-files.txt 2008-10-31 11:03:12

Pre-Run: 359,606,562,816 bytes free
Post-Run: 359,642,079,232 bytes free

710 --- E O F --- 2008-10-29 10:00:43

dudforla
2008-11-07, 02:10
The previous post is not the right File.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-06 16:07:19
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 338 GB (72%) free of 469 GB
Total RAM: 1918 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:23 PM, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8866 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-06 00:05:12 ----D---- C:\Windows\Prefetch
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-05 21:31:26 ----SHD---- C:\System Volume Information
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 11:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------


I absolutely cannot find the other file that is suppose to open

dudforla
2008-11-07, 02:16
would this be the correct one?

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-06 16:07:19
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 338 GB (72%) free of 469 GB
Total RAM: 1918 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:23 PM, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8866 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-06 00:05:12 ----D---- C:\Windows\Prefetch
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-05 21:31:26 ----SHD---- C:\System Volume Information
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2008-10-07 11:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

dudforla
2008-11-07, 10:23
yea I'm sorry I cannot seem to find the second Log file you want. Only that file seems to show everytime I run RSIT

dudforla
2008-11-07, 10:33
Please lock or delete i wish to re-post whole thing again

Shaba
2008-11-07, 11:13
Your first log was correct.

Have you used CFScript from someone else's thread?

dudforla
2008-11-07, 14:21
no i have not. old script that was still on my computer documents location
The RSIT does not open a second window

Shaba
2008-11-07, 19:00
Go to vista run, see here (http://www.computerperformance.co.uk/vista/vista_run_command.htm)

Type "%userprofile%/Desktop/RSIT.exe" /info and press enter.

Let me know if it was now successful.

dudforla
2008-11-08, 21:14
sorry for late response.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-08 11:12:17
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 339 GB (72%) free of 469 GB
Total RAM: 1918 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:25 AM, on 11/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8854 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-07 12:10:36 ----D---- C:\f0fd5791416ab650bc
2008-11-02 00:14:25 ----D---- C:\Users\Sam\AppData\Roaming\LimeWire
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-08 02:35:55 ----SHD---- C:\System Volume Information
2008-11-07 22:05:45 ----D---- C:\Windows\Prefetch
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-04 18:14:53 ----RD---- C:\Program Files
2008-11-04 15:44:59 ----D---- C:\Windows\system32\drivers
2008-11-04 07:56:14 ----D---- C:\Windows\System32
2008-11-04 07:56:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 07:56:13 ----D---- C:\Windows\inf
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-27 22:56:03 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 auvdl3nr;auvdl3nr; C:\Windows\system32\drivers\auvdl3nr.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------
[/CODE]
[CODE]info.txt logfile of random's system information tool 1.04 2008-11-08 11:12:28

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
C-Media PCI Audio Driver-->C:\Windows\system32\CMRMDRV3.exe
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
Project Reality 0809 Core-->"C:\Program Files\EA GAMES\Battlefield 2\unins000.exe"
Project Reality 0809 Levels-->"C:\Program Files\EA GAMES\Battlefield 2\unins001.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
WinFF 0.4-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-11-10, 12:02
Sorry for late reply, I got no email notification.

Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



:files
C:\Users\Sam\AppData\Roaming\LimeWire

:commands
[EmptyTemp]


Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

dudforla
2008-11-10, 21:17
this wold be slightly incorrect?
do i have to follow the reboot proceedure?
========== FILES ==========
File/Folder C:\Users\Sam\AppData\Roaming\LimeWire not found.
========== COMMANDS ==========
File delete failed. C:\Users\Sam\AppData\Local\Temp\Low\~DF3121.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_111519

Shaba
2008-11-10, 21:57
That is fine :)

Download and install one antivirus from below.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post back a fresh HijackThis log afterwards, please.

dudforla
2008-11-11, 04:50
Name of File
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report19480224\SpybotSD.exe.hu.kdmp
Result
Infection:Win32:Agent-COH [Trj]

do you wish me to delete this since fix does not work?
also this is by avast scan. please reply asap

dudforla
2008-11-11, 07:26
After deleting the file that was found i am still receieving problems. my Windows Defender program is Disabling it to execute yet it is this there . here is my hijack info

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-10 21:24:55
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 335 GB (71%) free of 469 GB
Total RAM: 1918 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:59 PM, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Users\Sam\AppData\Roaming\Google\visfdw.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [winlogone] "C:\Users\Sam\AppData\Roaming\Google\visfdw.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9716 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"winlogone"=C:\Users\Sam\AppData\Roaming\Google\visfdw.exe [2008-11-10 104960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-10 16:05:48 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-10 16:05:47 ----D---- C:\Program Files\Alwil Software
2008-11-10 10:53:41 ----D---- C:\_OTMoveIt
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-10 21:24:59 ----D---- C:\Windows\Prefetch
2008-11-10 20:20:09 ----SHD---- C:\System Volume Information
2008-11-10 16:05:58 ----D---- C:\Windows\system32\drivers
2008-11-10 16:05:57 ----D---- C:\Windows\System32
2008-11-10 16:05:47 ----RD---- C:\Program Files
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Audacity
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Apple Computer
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\AdobeUM
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Adobe
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\acccore
2008-11-10 15:24:50 ----D---- C:\Users\Sam\AppData\Roaming\Google
2008-11-10 11:02:29 ----D---- C:\Windows\inf
2008-11-10 11:02:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-08 12:04:36 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2008-11-10 138464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 agkwhujh;agkwhujh; C:\Windows\system32\drivers\agkwhujh.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-11-10 183128]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------
[/CODE]
[CODE]info.txt logfile of random's system information tool 1.04 2008-11-10 21:25:04

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
C-Media PCI Audio Driver-->C:\Windows\system32\CMRMDRV3.exe
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
Project Reality 0809 Core-->"C:\Program Files\EA GAMES\Battlefield 2\unins000.exe"
Project Reality 0809 Levels-->"C:\Program Files\EA GAMES\Battlefield 2\unins001.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
WinFF 0.4-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-11-11, 15:57
Avast finding is false positive.

Looks like that you have got more malware.

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\Users\Sam\AppData\Roaming\Google\visfdw.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

dudforla
2008-11-11, 19:39
Antivirus Version Last Update Result
AhnLab-V3 2008.11.11.2 2008.11.11 -
AntiVir 7.9.0.30 2008.11.11 -
Authentium 5.1.0.4 2008.11.11 -
Avast 4.8.1248.0 2008.11.11 -
AVG 8.0.0.161 2008.11.11 -
BitDefender 7.2 2008.11.11 -
CAT-QuickHeal 9.50 2008.11.11 -
ClamAV 0.94.1 2008.11.11 -
DrWeb 4.44.0.09170 2008.11.11 -
eSafe 7.0.17.0 2008.11.11 -
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.11 -
F-Prot 4.4.4.56 2008.11.11 -
F-Secure 8.0.14332.0 2008.11.11 Rogue:W32/PCDefender.A
Fortinet 3.117.0.0 2008.11.11 -
GData 19 2008.11.11 -
Ikarus T3.1.1.45.0 2008.11.11 -
K7AntiVirus 7.10.522 2008.11.11 -
Kaspersky 7.0.0.125 2008.11.11 -
McAfee 5430 2008.11.10 -
Microsoft 1.4104 2008.11.11 TrojanDownloader:Win32/Dabew
NOD32 3603 2008.11.11 -
Norman 5.80.02 2008.11.10 -
Panda 9.0.0.4 2008.11.10 Suspicious file
PCTools 4.4.2.0 2008.11.11 -
Prevx1 V2 2008.11.11 Adware
Rising 21.03.12.00 2008.11.11 -
SecureWeb-Gateway 6.7.6 2008.11.11 -
Sophos 4.35.0 2008.11.11 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.11 -
TheHacker 6.3.1.1.147 2008.11.10 -
TrendMicro 8.700.0.1004 2008.11.11 -
VBA32 3.12.8.9 2008.11.10 -
ViRobot 2008.11.11.1461 2008.11.11 -
VirusBuster 4.5.11.0 2008.11.11 -
Additional information
File size: 104960 bytes
MD5...: 3c8580971b58d8459290a6d5de92cd98
SHA1..: 672dac0714f1b097a8c61580d83833fa4f9bb695
SHA256: e2311710fb3070b057150042e266fcd3af2fc9e5dc67f552d603ca9c2d53e4f1
SHA512: 4f923f6ad22deb70010ae3f98580ed49e65c53f79bc906eb53369c1fc795cf20
af491011eb3ef970b3582951be0400b8d08883f1b82dd458d3e3289f33dad62f
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x405dfc
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x6d68 0x6e00 7.32 9efcb50e2beecf3a43a0b94520cf6d01
DATA 0x8000 0xad0c 0xae00 6.25 ccc8c7bc397a1f739db6d1b153e00af2
BSS 0x13000 0xa51 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x14000 0xa72 0xc00 4.30 922a9e04108f0d860f4237f81c43b1f6
.tls 0x15000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x16000 0x18 0x200 0.21 edbc3e5536a5fe87f44333e41c2f7759
.reloc 0x17000 0xa6c 0xc00 6.33 83b9ed6ac5e8227687f74c748115f543
.rsrc 0x18000 0x5ec0 0x6000 6.67 63d929df89d2d22bb5f14eec8e6b412b

( 10 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey
> kernel32.dll: lstrlenA, lstrcpyA, lstrcmpiA, lstrcatA, WriteFile, WinExec, VirtualProtect, Sleep, LoadLibraryA, HeapFree, HeapAlloc, GetTickCount, GetProcessHeap, GetProcAddress, GetModuleHandleA, GetLastError, GetFileAttributesA, GetEnvironmentVariableA, FreeLibrary, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, CreateFileA, CreateDirectoryA, CloseHandle
> gdi32.dll: TextOutA, StretchBlt, SetTextColor, SetBkMode, SetBkColor, SelectObject, MoveToEx, LineTo, DeleteObject, DeleteDC, CreatePen, CreateFontIndirectA, CreateCompatibleDC, BitBlt
> user32.dll: CreateWindowExA, UpdateWindow, UnregisterClassA, TranslateMessage, SystemParametersInfoA, ShowWindow, SetWindowPos, SetWindowLongA, SetCursor, SendMessageA, ScreenToClient, RegisterClassA, PostQuitMessage, PeekMessageA, LoadImageA, LoadIconA, LoadCursorA, KillTimer, GetWindowLongA, GetSysColorBrush, GetSysColor, GetDC, GetCursorPos, FillRect, EndPaint, DrawIconEx, DrawIcon, DispatchMessageA, DestroyWindow, DefWindowProcA, CallWindowProcA, BringWindowToTop, BeginPaint
> shell32.dll: ShellExecuteA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=59937ED80073A6F39A8B012F479C6300CA6219C1

Shaba
2008-11-11, 19:52
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



:processes
visfdw.exe

:files
C:\Users\Sam\AppData\Roaming\Google\visfdw.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"winlogone"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]



Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log
- a fresh otmoveit3 log

dudforla
2008-11-11, 21:28
========== PROCESSES ==========
Process visfdw.exe killed successfully.
========== FILES ==========
C:\Users\Sam\AppData\Roaming\Google\visfdw.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winlogone deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11112008_112522



info.txt logfile of random's system information tool 1.04 2008-11-11 11:27:20

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
C-Media PCI Audio Driver-->C:\Windows\system32\CMRMDRV3.exe
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
Project Reality 0809 Core-->"C:\Program Files\EA GAMES\Battlefield 2\unins000.exe"
Project Reality 0809 Levels-->"C:\Program Files\EA GAMES\Battlefield 2\unins001.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
WinFF 0.4-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

dudforla
2008-11-11, 21:28
Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-11 11:27:15
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 340 GB (72%) free of 469 GB
Total RAM: 1918 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:19 AM, on 11/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8877 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-10 16:05:47 ----D---- C:\Program Files\Alwil Software
2008-11-10 10:53:41 ----D---- C:\_OTMoveIt
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-11 11:25:22 ----D---- C:\Users\Sam\AppData\Roaming\Google
2008-11-11 11:24:48 ----D---- C:\Windows\Prefetch
2008-11-11 10:41:27 ----SHD---- C:\System Volume Information
2008-11-11 09:26:48 ----D---- C:\Windows\System32
2008-11-11 09:26:47 ----D---- C:\Windows\system32\drivers
2008-11-10 16:05:47 ----RD---- C:\Program Files
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Audacity
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Apple Computer
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\AdobeUM
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Adobe
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\acccore
2008-11-10 11:02:29 ----D---- C:\Windows\inf
2008-11-10 11:02:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-08 12:04:36 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-11-01 12:18:36 ----D---- C:\Windows\winsxs
2008-11-01 11:46:24 ----D---- C:\Windows\system32\catroot
2008-11-01 11:46:23 ----D---- C:\Windows\system32\catroot2
2008-10-31 14:27:02 ----D---- C:\Windows
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:35 ----SHD---- C:\Windows\Installer
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail
2008-10-14 22:27:37 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2008-11-10 138464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 agkwhujh;agkwhujh; C:\Windows\system32\drivers\agkwhujh.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-11-10 183128]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

Shaba
2008-11-12, 11:36
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

dudforla
2008-11-14, 01:42
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 13, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 13, 2008 13:03:34
Records in database: 1383159
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 177741
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:28:56


File name / Threat name / Threats count
C:\Users\Sam\AppData\Roaming\Google\ovlfwl.dll Infected: Rootkit.Win32.Delf.aj 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-13 15:42:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 337 GB (72%) free of 469 GB
Total RAM: 1918 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:11 PM, on 11/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8667 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-12 12:26:30 ----A---- C:\Windows\system32\msxml3.dll
2008-11-12 12:26:29 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 16:05:47 ----D---- C:\Program Files\Alwil Software
2008-11-10 10:53:41 ----D---- C:\_OTMoveIt
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 16:03:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 16:03:10 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 16:03:10 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 16:03:09 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 16:03:08 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2008-11-13 07:08:45 ----D---- C:\Windows\Prefetch
2008-11-13 03:21:27 ----D---- C:\Windows\winsxs
2008-11-13 03:15:31 ----D---- C:\Windows\System32
2008-11-13 03:15:31 ----D---- C:\Windows\inf
2008-11-13 03:15:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-13 03:11:23 ----D---- C:\Windows\system32\catroot
2008-11-13 03:09:20 ----D---- C:\Windows\system32\drivers
2008-11-13 03:03:57 ----SHD---- C:\Windows\Installer
2008-11-13 03:03:56 ----D---- C:\ProgramData\Microsoft Help
2008-11-13 03:00:40 ----D---- C:\Windows
2008-11-13 03:00:26 ----SHD---- C:\System Volume Information
2008-11-12 12:24:29 ----D---- C:\Windows\system32\catroot2
2008-11-11 11:25:22 ----D---- C:\Users\Sam\AppData\Roaming\Google
2008-11-10 16:05:47 ----RD---- C:\Program Files
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Audacity
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Apple Computer
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\AdobeUM
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Adobe
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\acccore
2008-11-08 12:04:36 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-03 16:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:48:11 ----D---- C:\Windows\system32\config
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:10:28 ----D---- C:\Windows\system32\Tasks
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-15 06:12:39 ----D---- C:\Windows\system32\migration
2008-10-15 06:12:39 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 a0s225en;a0s225en; C:\Windows\system32\drivers\a0s225en.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-13 15:42:14

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
C-Media PCI Audio Driver-->C:\Windows\system32\CMRMDRV3.exe
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
Project Reality 0809 Core-->"C:\Program Files\EA GAMES\Battlefield 2\unins000.exe"
Project Reality 0809 Levels-->"C:\Program Files\EA GAMES\Battlefield 2\unins001.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
WinFF 0.4-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2008-11-14, 11:39
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site 1 (http://hype.free.googlepages.com/gmer.zip)
alternate download site 2 (http://www.castlecops.com/downloads-file-546.html)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..

dudforla
2008-11-16, 04:59
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-15 18:53:26
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

INT 0x51 ? 845A7BF8
INT 0x52 ? 868BDBF8
INT 0x62 ? 868BDBF8
INT 0x62 ? 868BDBF8
INT 0x72 ? 845A6BF8
INT 0x82 ? 845A6BF8
INT 0x92 ? 845A7BF8

---- Kernel code sections - GMER 1.0.14 ----

? System32\Drivers\spja.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload 87F9246F 5 Bytes JMP 868BD1D8
.text ae4gxvd0.SYS 8BD20000 22 Bytes [ 26, 72, 01, 82, 10, 71, 01, ... ]
.text ae4gxvd0.SYS 8BD20017 145 Bytes [ 00, 32, 57, 71, 82, 3D, 55, ... ]
.text ae4gxvd0.SYS 8BD200A9 35 Bytes [ 60, 09, 82, A0, 57, 09, 82, ... ]
.text ae4gxvd0.SYS 8BD200CE 10 Bytes [ 00, 00, 00, 00, 00, 00, 66, ... ]
.text ae4gxvd0.SYS 8BD200DA 12 Bytes [ 00, 00, 02, 00, 00, 00, 25, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8260C6D2] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8260C040] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8260C7FC] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8260C0BE] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8260C13C] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8261C048] \SystemRoot\System32\Drivers\spja.sys
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8BD45FBC] \SystemRoot\System32\Drivers\ae4gxvd0.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortReadPortUshort] D45FC8A1
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8B
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\ae4gxvd0.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73827BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738698C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7382D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7381F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73827599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7381E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7385B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7382D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7382012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73820095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738171F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [738AD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738475E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7381DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7381668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [738166BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73821E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 84F391F8
Device \FileSystem\udfs \UdfsCdRom 869721F8
Device \FileSystem\udfs \UdfsDisk 869721F8
Device \Driver\volmgr \Device\VolMgrControl 84F351F8
Device \Driver\usbohci \Device\USBPDO-0 868AB1F8
Device \Driver\nvstor32 \Device\00000052 84F381F8
Device \Driver\usbehci \Device\USBPDO-1 868AA1F8
Device \Driver\PCI_PNP0999 \Device\00000045 spja.sys
Device \Driver\nvstor32 \Device\00000053 84F381F8
Device \Driver\volmgr \Device\HarddiskVolume1 84F351F8
Device \Driver\volmgr \Device\HarddiskVolume2 84F351F8
Device \Driver\cdrom \Device\CdRom0 868C71F8
Device \Driver\volmgr \Device\HarddiskVolume3 84F351F8
Device \Driver\cdrom \Device\CdRom1 868C71F8
Device \Driver\atapi \Device\Ide\IdePort0 84F371F8
Device \Driver\atapi \Device\Ide\IdePort1 84F371F8
Device \Driver\volmgr \Device\HarddiskVolume4 84F351F8
Device \Driver\USBSTOR \Device\00000067 869D91F8
Device \Driver\volmgr \Device\HarddiskVolume5 84F351F8
Device \Driver\USBSTOR \Device\00000068 869D91F8
Device \Driver\sptd \Device\924281004 spja.sys
Device \Driver\volmgr \Device\HarddiskVolume6 84F351F8
Device \Driver\USBSTOR \Device\00000069 869D91F8
Device \Driver\netbt \Device\NetBt_Wins_Export 90A9C500
Device \Driver\Smb \Device\NetbiosSmb 90A9E1F8
Device \Driver\nvstor32 \Device\RaidPort0 84F381F8
Device \Driver\nvstor32 \Device\RaidPort1 84F381F8
Device \Driver\USBSTOR \Device\0000006a 869D91F8
Device \Driver\iScsiPrt \Device\RaidPort2 86A391F8
Device \Driver\USBSTOR \Device\0000006b 869D91F8
Device \Driver\usbohci \Device\USBFDO-0 868AB1F8
Device \Driver\usbehci \Device\USBFDO-1 868AA1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{1C9F0287-10DB-488F-B274-7C57A5B7F7D3} 90A9C500
Device \Driver\ae4gxvd0 \Device\Scsi\ae4gxvd01 86A2D1F8
Device \Driver\ae4gxvd0 \Device\Scsi\ae4gxvd01Port5Path0Target0Lun0 86A2D1F8
Device \FileSystem\cdfs \Cdfs A08FC1F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x33 0x2E 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x82 0x05 0x6C 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE3 0x95 0xF1 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCC 0x33 0x2E 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x82 0x05 0x6C 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE3 0x95 0xF1 0x0D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x7E 0xDD 0xC8 0x18 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA7032BA-44F2-712C-5551-C5C5A3B32CBE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA7032BA-44F2-712C-5551-C5C5A3B32CBE}@oaljapnoncedpdaoioklafcmekdghi 0x64 0x61 0x6F 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA7032BA-44F2-712C-5551-C5C5A3B32CBE}@oahcidbgpmfmcbajmfdfmebbkcckpd 0x6A 0x61 0x6C 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA7032BA-44F2-712C-5551-C5C5A3B32CBE}@nabkoodmajlnfncgaflehgeplkhc 0x69 0x61 0x6B 0x6C ...

---- EOF - GMER 1.0.14 ----

Shaba
2008-11-16, 12:36
OK, it looks like that dll was only a leftover.

Delete this:

C:\Users\Sam\AppData\Roaming\Google\ovlfwl.dll

Empty Recycle Bin.

Still problems?

dudforla
2008-11-16, 18:31
well before we started scanning and all I just checked up on spybotSnD to see my status. I had Virtumonde only so i consulted here. nothing was going wrong no popups or anything. after 2-3 days of scanning windows defender kept blocking a virus from acting [popup] then after deleting some files during the session that virus stopped acting. we kept scanning and deleted some more. before the previous deletiong my computer sometimes opened IE windows if i closed an IE window. The IE windows the virus opened was the same link to the one that i closed also it repeated opened the windows till i finally ended iexplorer.exe in task manager.
right now nothing is going on except when i scan on spybotSnD it tells me i still have virtumonde.
We must keep scanning :sad:

Shaba
2008-11-16, 18:35
Well in that case post back spybot report next :)

dudforla
2008-11-17, 07:20
spybot report?.. umm
I have Virtumonde and that's all it is telling me
How bout an Hijack report

info.txt logfile of random's system information tool 1.04 2008-11-16 21:20:08

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon MP600-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
C-Media PCI Audio Driver-->C:\Windows\system32\CMRMDRV3.exe
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Caps/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
Project Reality 0809 Core-->"C:\Program Files\EA GAMES\Battlefield 2\unins000.exe"
Project Reality 0809 Levels-->"C:\Program Files\EA GAMES\Battlefield 2\unins001.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
WinFF 0.4-->"C:\Program Files\WinFF\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4302
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sam at 2008-11-16 21:19:59
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 334 GB (71%) free of 469 GB
Total RAM: 1918 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:06 PM, on 11/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\System32\cmd.exe
C:\Users\Sam\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_include/_common/Cab/GamehiSpecCheck.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_include/_common/cab/RedbananaAutoPlay.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8820 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-03 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2006-11-20 155648]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-24 44136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe"="C:\Program Files\River Past\Screen Recorder Pro\ScreenRecorderPro.exe:*:Enabled:River Past Screen Recorder Pro"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ffa042-83cf-11dc-9183-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-11-16 00:22:20 ----A---- C:\Windows\system32\msxml6.dll
2008-11-15 23:40:32 ----A---- C:\Windows\system32\msxml3.dll
2008-11-15 20:25:04 ----D---- C:\Users\Sam\AppData\Roaming\Move Networks
2008-11-15 18:25:41 ----A---- C:\Windows\gmer.ini
2008-11-15 18:25:39 ----A---- C:\Windows\gmer_uninstall.cmd
2008-11-15 18:25:39 ----A---- C:\Windows\gmer.exe
2008-11-15 18:25:39 ----A---- C:\Windows\gmer.dll
2008-11-10 16:05:47 ----D---- C:\Program Files\Alwil Software
2008-11-10 10:53:41 ----D---- C:\_OTMoveIt
2008-11-01 11:48:10 ----A---- C:\Windows\system32\EncDec.dll
2008-11-01 11:48:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-31 14:26:47 ----D---- C:\ComboFix
2008-10-31 03:08:12 ----D---- C:\Program Files\Panda Security
2008-10-31 03:05:09 ----D---- C:\Windows\temp
2008-10-30 22:57:23 ----D---- C:\Windows\Sun
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaws.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\javaw.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\java.exe
2008-10-30 22:03:36 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 16:41:43 ----D---- C:\Windows\ERDNT
2008-10-30 16:38:32 ----D---- C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-10-30 16:38:23 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 14:26:03 ----D---- C:\rsit
2008-10-29 20:15:25 ----D---- C:\Program Files\Trend Micro
2008-10-29 15:53:14 ----D---- C:\Temp
2008-10-28 17:45:44 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 17:45:44 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 17:45:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-26 14:50:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-26 14:50:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-24 16:26:22 ----D---- C:\Users\Sam\AppData\Roaming\InstallShield Installation Information
2008-10-23 19:27:27 ----A---- C:\Windows\system32\netapi32.dll
2008-10-18 13:40:30 ----D---- C:\AeriaGames

======List of files/folders modified in the last 1 months======

2008-11-16 21:20:06 ----D---- C:\Windows\Prefetch
2008-11-16 08:19:23 ----D---- C:\Users\Sam\AppData\Roaming\Google
2008-11-16 03:21:04 ----D---- C:\Windows\winsxs
2008-11-16 03:14:57 ----D---- C:\Windows\System32
2008-11-16 03:14:57 ----D---- C:\Windows\inf
2008-11-16 03:14:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-16 03:10:47 ----D---- C:\Windows\system32\catroot
2008-11-16 03:09:04 ----D---- C:\Windows\system32\drivers
2008-11-16 03:03:50 ----SHD---- C:\Windows\Installer
2008-11-16 03:03:49 ----D---- C:\ProgramData\Microsoft Help
2008-11-16 03:00:27 ----SHD---- C:\System Volume Information
2008-11-15 18:25:41 ----D---- C:\Windows
2008-11-15 18:24:27 ----D---- C:\Windows\system32\catroot2
2008-11-15 18:23:26 ----D---- C:\Windows\Minidump
2008-11-15 18:21:29 ----D---- C:\Windows\system32\config
2008-11-15 18:19:24 ----D---- C:\Program Files\Windows Mail
2008-11-15 18:19:21 ----D---- C:\Windows\Tasks
2008-11-15 18:19:21 ----D---- C:\Windows\system32\Tasks
2008-11-15 18:19:21 ----D---- C:\Windows\system32\spool
2008-11-15 18:19:20 ----D---- C:\Windows\system32\Msdtc
2008-11-15 18:19:20 ----D---- C:\Windows\system32\CodeIntegrity
2008-11-15 18:19:01 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 18:19:00 ----D---- C:\Program Files\DivX
2008-11-15 18:18:50 ----D---- C:\Windows\system32\wbem
2008-11-15 18:18:50 ----D---- C:\Windows\registration
2008-11-15 00:22:26 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-10 16:05:47 ----RD---- C:\Program Files
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Audacity
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Apple Computer
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\AdobeUM
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\Adobe
2008-11-10 15:25:50 ----D---- C:\Users\Sam\AppData\Roaming\acccore
2008-11-08 12:04:36 ----D---- C:\Users\Sam\AppData\Roaming\Winff
2008-11-06 00:05:07 ----D---- C:\Program Files\Common Files
2008-11-03 16:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-11-01 13:36:38 ----D---- C:\Windows\Microsoft.NET
2008-11-01 13:36:23 ----RSD---- C:\Windows\assembly
2008-11-01 12:20:57 ----D---- C:\Windows\ehome
2008-10-31 14:26:47 ----D---- C:\Windows\system32\en-US
2008-10-31 03:07:13 ----SD---- C:\Windows\Downloaded Program Files
2008-10-31 03:01:56 ----A---- C:\Windows\system.ini
2008-10-31 03:01:00 ----D---- C:\Windows\AppPatch
2008-10-31 01:05:34 ----D---- C:\Program Files\Java
2008-10-31 00:06:19 ----D---- C:\Incomplete
2008-10-30 16:45:30 ----D---- C:\Program Files\Internet Explorer
2008-10-30 16:38:23 ----HD---- C:\ProgramData
2008-10-29 17:12:36 ----HD---- C:\Windows\system32\GroupPolicyUsers
2008-10-29 17:10:44 ----HD---- C:\Windows\system32\GroupPolicy
2008-10-29 16:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-29 15:59:01 ----HD---- C:\Users\Sam\AppData\Roaming\ijjigame
2008-10-28 18:26:42 ----D---- C:\Downloads
2008-10-26 14:31:17 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-25 19:55:34 ----RSD---- C:\Windows\Fonts
2008-10-24 16:26:26 ----D---- C:\Program Files\EA GAMES
2008-10-24 16:01:22 ----D---- C:\Program Files\Electronic Arts
2008-10-23 14:41:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-18 14:33:40 ----D---- C:\ProgramData\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-06-03 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcw18bda;Hauppauge WinTV 418 Driver; C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 366080]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 sdtr;sdtr; C:\Windows\system32\drivers\sdtr.sys [2008-10-29 21504]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\npkcrypt.sys []
S3 a8yd900i;a8yd900i; C:\Windows\system32\drivers\a8yd900i.sys []
S3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmuda3.sys [2005-10-28 1355456]
S3 ctgame;Game Port; C:\Windows\system32\DRIVERS\ctgame.sys [2006-11-28 19128]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-15 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 ntgrip;Gravis GamePort device driver; C:\Windows\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 XDva143;XDva143; \??\C:\Windows\system32\XDva143.sys []
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-26 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-30 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-01 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-01 87288]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

dudforla
2008-11-18, 04:10
:sad:I still request some help. My computer still has Virutmonde on it.
Every once in a while when I close a IE window that had any website on it. My computer opens an IE window of the same site I was on and opens another one. and another one. and another until I go to Task Manager and close iexplorer.exe

I don't know if you have too many people needing help or you are not receiving e-mail reponses but I am in need of desperate help soon

Shaba
2008-11-18, 16:03
Sorry for late reply but I didn't get any email notification from your previous reply.

"Every once in a while when I close a IE window that had any website on it. My computer opens an IE window of the same site I was on and opens another one. and another one. and another until I go to Task Manager and close iexplorer.exe"

This isn't likely malware issue unless those websites are bad? It can be IE issue.

"spybot report?.. umm
I have Virtumonde and that's all it is telling me
How bout an Hijack report"

No we need spybot report if spybot finds something :)

* Open SpyBot.
* Check for problems.
* When the scan completes, right click on the results list, select "Copy results to clipboard".
* Paste (Ctrl+V) those results into a new post.

dudforla
2008-11-18, 21:22
[quote]This isn't likely malware issue unless those websites are bad? It can be IE issue[quote]
No the websites are "normal" websites [google,yahoo,radio station,forumboards(even this one),religious websites, etc]. Also this only happens on IE so I guess I'll reinstall IE or find out the issue.



Virtumonde: [SBI $1E12D746] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2548796055-3142071288-23208715-1000\Software\Microsoft\fias4013



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2007-06-09 unins000.exe (51.41.0.0)
2008-09-26 unins001.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-09-02 Includes\Adware.sbi (*)
2008-10-27 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-10-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-10-28 Includes\Malware.sbi (*)
2008-10-28 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-10-28 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-17 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-10-28 Includes\Spyware.sbi (*)
2008-10-29 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-10-29 Includes\Trojans.sbi (*)
2008-10-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Shaba
2008-11-18, 21:30
Yes or installing IE8 beta might help as well.

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.


Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-2548796055-3142071288-23208715-1000\Software\Microsoft\fias4013]

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

Reboot.

Re-run spybot and tell me if it still finds something?

dudforla
2008-11-19, 01:22
SnD found nothing. Would you know the origin of the virus?
when I first received virtumonde it was from Limewire. Then after getting rid of it or I thought we got rid of it virtumonde came back

Shaba
2008-11-19, 12:16
Source is likely LimeWire.

What Spybot found was only a leftover, so nothing to worry about.

Still issues left?

dudforla
2008-11-20, 01:39
ah left overs well then those left overs were causing me a huge problem.
well I don't seem to have much problems on my side. I changed to IE 8 beta2.
I believe I'm just going to change back and see if the problem still happens. If it does I'll just consult with a microsoft associate.
well thanks alot! :D

Shaba
2008-11-20, 11:59
Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

You can delete rsit and c:\rsit folder.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2008-11-22, 12:32
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.