View Full Version : Zlob Downloader and Google redirect problem.
variablex
2008-11-14, 14:24
Hi,
For the first time in almost 2 years I find myself with a malware problem. Spybot shows Zlob Downloader present in the C:/ (not removable) and simultaneously, my firefox homepage times out looping between google.com and google.com.au. When I jump to google directly, I am redirected between some pages called code-book and mymovix (or something like that). The web page I tried to open, obviously doesn't.
Having read the prerequisites, I believe you require this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:57 PM, on 14/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\xxxx\Pictures\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{572C3DF9-24BD-4D3C-BBDA-F44B1B8BE8EA}: NameServer = 85.255.112.212;85.255.112.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B76A3DB-D9F7-49FE-A8A3-C3C1CF0EE6B3}: NameServer = 85.255.112.212;85.255.112.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D1E1BE-B110-49DC-9CD4-E00AF6AC49AC}: NameServer = 10.9.160.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF50E716-780F-4C84-96BA-4B1F85497D38}: NameServer = 85.255.112.212;85.255.112.238
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdqnq.exe (file missing)
--
End of file - 9575 bytes
I'm currently half way through a full system scan with MBAM.
Thanks. I'll post the MBAM results as I get them.
VarX.
Hi variablex
Yes please post next mbam report and run this after mbam:
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
variablex
2008-11-15, 17:57
That program worked wonders. I believe I had around 9-10 trojan files. Some have been removed while others have been quarantined. My problems seem to be resolved, but I would just like to double confirm.
I'll try that program Shaba. Thanks.
Heres my Mbam log:
Malwarebytes' Anti-Malware 1.30
Database version: 1397
Windows 6.0.6001 Service Pack 1
15/11/2008 1:46:10 AM
mbam-log-2008-11-15 (01-46-10).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 193451
Time elapsed: 1 hour(s), 38 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Pornovid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{572c3df9-24bd-4d3c-bbda-f44b1b8be8ea}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b76a3db-d9f7-49fe-a8a3-c3c1cf0ee6b3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff50e716-780f-4c84-96ba-4b1f85497d38}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{572c3df9-24bd-4d3c-bbda-f44b1b8be8ea}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7b76a3db-d9f7-49fe-a8a3-c3c1cf0ee6b3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff50e716-780f-4c84-96ba-4b1f85497d38}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{572c3df9-24bd-4d3c-bbda-f44b1b8be8ea}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7b76a3db-d9f7-49fe-a8a3-c3c1cf0ee6b3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ff50e716-780f-4c84-96ba-4b1f85497d38}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.212;85.255.112.238 -> Quarantined and deleted successfully.
Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\xxxx\Downloads\SOFTWARE\monash-connect-wireless-win-0.99.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Yes, MBAM log looks promising :)
Please post next RSIT logs.
variablex
2008-11-15, 18:02
**************LOG.TXT***************
Logfile of random's system information tool 1.04 (written by random/random)
Run by xxxx at 2008-11-16 03:59:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 184 GB (62%) free of 295 GB
Total RAM: 3068 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:26 AM, on 16/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\xxxx\Pictures\RSIT.exe
C:\Program Files\trend micro\xxxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D1E1BE-B110-49DC-9CD4-E00AF6AC49AC}: NameServer = 10.9.160.1
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
--
End of file - 9712 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{70A6FF83-C580-4CBD-A7C7-C006310F1129}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-07 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-14 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-14 92704]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-22 217088]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-29 442433]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-02 554288]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-25 222504]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-24 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-15 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-16 70912]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-16 488752]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-21 2153472]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-27 2289664]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\Windows\system32\\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-07 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2008-11-16 03:59:18 ----D---- C:\rsit
2008-11-16 03:59:18 ----D---- C:\Program Files\trend micro
2008-11-16 03:03:47 ----A---- C:\Windows\system32\MRT.INI
2008-11-15 16:16:50 ----A---- C:\Windows\system32\msxml3.dll
2008-11-15 16:16:48 ----A---- C:\Windows\system32\netapi32.dll
2008-11-15 16:16:46 ----A---- C:\Windows\system32\wersvc.dll
2008-11-15 16:16:46 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-15 16:16:45 ----A---- C:\Windows\system32\win32spl.dll
2008-11-15 16:16:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-15 16:16:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-15 16:16:32 ----A---- C:\Windows\system32\msxml6.dll
2008-11-15 16:16:28 ----A---- C:\Windows\system32\mshtml.dll
2008-11-15 16:16:28 ----A---- C:\Windows\system32\ieframe.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\wininet.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\urlmon.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\mstime.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\iertutil.dll
2008-11-15 16:16:26 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-15 01:47:20 ----D---- C:\Avenger
2008-11-15 01:47:20 ----A---- C:\avenger.txt
2008-11-15 00:03:57 ----D---- C:\Users\xxxx\AppData\Roaming\Malwarebytes
2008-11-15 00:03:54 ----D---- C:\ProgramData\Malwarebytes
2008-11-15 00:03:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-03 18:01:50 ----D---- C:\Windows\pss
2008-10-28 09:33:43 ----D---- C:\Users\xxxx\AppData\Roaming\Apple Computer
2008-10-28 09:33:31 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-28 09:33:31 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-28 09:33:16 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 09:33:16 ----D---- C:\Program Files\iTunes
2008-10-28 09:33:16 ----D---- C:\Program Files\iPod
2008-10-28 09:32:52 ----D---- C:\Program Files\Bonjour
2008-10-28 09:31:52 ----D---- C:\Program Files\Apple Software Update
2008-10-28 09:31:13 ----D---- C:\ProgramData\Apple
2008-10-28 09:31:13 ----D---- C:\Program Files\Common Files\Apple
2008-10-23 01:59:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-23 01:59:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-22 16:46:07 ----D---- C:\Program Files\MSN Messenger
2008-10-12 22:51:00 ----D---- C:\Users\xxxx\AppData\Roaming\Nero
2008-10-12 22:50:26 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-10-12 22:48:21 ----D---- C:\ProgramData\Nero
2008-10-12 22:48:21 ----D---- C:\Program Files\Nero
2008-10-12 22:48:20 ----D---- C:\Program Files\Common Files\Nero
2008-10-12 22:47:07 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-12 22:47:07 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-10-07 21:16:42 ----D---- C:\Program Files\Common Files\xing shared
2008-10-07 20:47:00 ----A---- C:\Windows\system32\rmoc3260.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pndx5032.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pndx5016.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pncrt.dll
2008-10-07 20:46:52 ----D---- C:\Program Files\Common Files\Real
2008-10-07 20:46:51 ----D---- C:\Program Files\Real
2008-10-07 20:46:29 ----D---- C:\Users\xxxx\AppData\Roaming\Real
2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
2008-09-30 01:10:36 ----D---- C:\ProgramData\Apple Computer
2008-09-28 05:15:55 ----D---- C:\Program Files\Hotspot Shield
2008-09-24 14:35:59 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-24 14:35:10 ----D---- C:\Program Files\Common Files\Adobe
2008-09-24 14:35:10 ----D---- C:\Program Files\Adobe
2008-09-24 14:32:20 ----D---- C:\ProgramData\NOS
2008-09-24 14:32:20 ----D---- C:\Program Files\NOS
2008-09-21 19:31:08 ----D---- C:\SAREGAMAPA
2008-09-21 19:29:50 ----D---- C:\Users\xxxx\AppData\Roaming\dvdcss
2008-09-21 19:27:22 ----D---- C:\Program Files\QuickTime
2008-09-21 19:27:17 ----D---- C:\Program Files\Xilisoft
2008-09-21 19:15:56 ----D---- C:\Program Files\Ahead
2008-09-21 19:15:48 ----A---- C:\Windows\system32\drmclien.dll
2008-09-19 19:19:57 ----D---- C:\Program Files\EA SPORTS
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wups2.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wucltux.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wups.dll
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wudriver.dll
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wuapi.dll
2008-09-16 20:30:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-16 20:30:55 ----A---- C:\Windows\system32\wuapp.exe
2008-09-14 05:15:44 ----D---- C:\Users\xxxx\AppData\Roaming\CyberLink
2008-09-10 17:51:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:51:23 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:51:05 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 04:01:29 ----D---- C:\Windows\SQL9_KB948109_ENU
2008-09-08 14:55:19 ----D---- C:\Program Files\SecureW2
2008-09-08 09:06:05 ----D---- C:\lgupload
2008-09-08 09:01:57 ----D---- C:\Users\xxxx\AppData\Roaming\LG Electronics
2008-09-08 08:55:21 ----D---- C:\Program Files\LG Electronics
2008-09-08 08:53:51 ----D---- C:\Program Files\LG PC Suite 2
2008-09-08 08:53:33 ----D---- C:\Users\xxxx\AppData\Roaming\InstallShield
2008-09-08 04:03:14 ----D---- C:\Program Files\PDF Annotator
2008-09-08 02:47:55 ----A---- C:\Windows\ODBC.INI
2008-09-08 02:47:09 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-08 02:46:20 ----D---- C:\Program Files\Common Files\L&H
2008-09-08 02:39:56 ----D---- C:\Program Files\PowerISO
2008-09-08 01:52:54 ----D---- C:\Users\xxxx\AppData\Roaming\Winamp
2008-09-08 01:39:55 ----D---- C:\Users\xxxx\AppData\Roaming\uTorrent
2008-09-07 05:50:46 ----D---- C:\Users\xxxx\AppData\Roaming\vlc
2008-09-07 04:53:37 ----D---- C:\Program Files\uTorrent
2008-09-07 04:50:39 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxinsi64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\px.dll
2008-09-07 04:50:35 ----D---- C:\Program Files\Winamp
2008-09-07 04:50:04 ----D---- C:\Program Files\WinRAR
2008-09-07 04:49:22 ----D---- C:\Program Files\VideoLAN
2008-09-07 04:43:35 ----D---- C:\Downloads
2008-09-05 18:58:56 ----A---- C:\Windows\system32\tzres.dll
2008-09-05 18:57:41 ----A---- C:\Windows\system32\msshooks.dll
2008-09-05 18:57:41 ----A---- C:\Windows\system32\msscb.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-05 18:57:39 ----A---- C:\Windows\system32\propsys.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\propdefs.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\msstrc.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\msshsq.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\wsepno.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-05 18:57:38 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-05 18:57:38 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\offfilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\tquery.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssvp.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssrch.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssph.dll
2008-09-05 18:54:54 ----D---- C:\Program Files\MSXML 4.0
2008-09-05 18:34:21 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-05 18:34:19 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-05 18:34:13 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-05 18:25:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-05 18:22:56 ----A---- C:\Windows\system32\shell32.dll
2008-09-05 18:21:08 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-05 18:21:07 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-05 18:20:58 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-05 18:20:43 ----A---- C:\Windows\system32\es.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\wshext.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\wscript.exe
2008-09-05 18:20:42 ----A---- C:\Windows\system32\vbscript.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\scrrun.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\scrobj.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\jscript.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\cscript.exe
2008-09-05 18:19:50 ----A---- C:\Windows\system32\quartz.dll
2008-09-05 18:19:41 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-05 17:49:43 ----D---- C:\ProgramData\LightScribe
2008-09-05 17:07:28 ----D---- C:\Users\xxxx\AppData\Roaming\Mozilla
2008-09-05 17:07:00 ----D---- C:\Program Files\Mozilla Firefox
2008-09-05 17:01:04 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-05 17:00:48 ----D---- C:\Program Files\Windows Live
2008-09-05 17:00:31 ----D---- C:\ProgramData\WLInstaller
2008-09-05 07:08:13 ----D---- C:\Users\xxxx\AppData\Roaming\Symantec
2008-09-05 07:07:43 ----D---- C:\Users\xxxx\AppData\Roaming\Identities
2008-09-05 07:04:35 ----D---- C:\Users\xxxx\AppData\Roaming\Macromedia
2008-09-05 07:04:08 ----D---- C:\Users\xxxx\AppData\Roaming\Adobe
2008-09-05 07:03:57 ----D---- C:\Users\xxxx\AppData\Roaming\Hewlett-Packard
2008-09-05 07:01:17 ----SD---- C:\Users\xxxx\AppData\Roaming\Microsoft
2008-09-05 07:01:17 ----D---- C:\Users\xxxx\AppData\Roaming\Media Center Programs
2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll
======List of files/folders modified in the last 3 months======
2008-11-16 03:59:26 ----D---- C:\Windows\Prefetch
2008-11-16 03:59:22 ----D---- C:\Windows\Temp
2008-11-16 03:59:18 ----RD---- C:\Program Files
2008-11-16 03:23:36 ----D---- C:\Windows\winsxs
2008-11-16 03:18:20 ----D---- C:\Windows\System32
2008-11-16 03:18:20 ----D---- C:\Windows\inf
2008-11-16 03:18:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-16 03:13:32 ----D---- C:\Windows\system32\catroot
2008-11-16 03:09:46 ----D---- C:\Windows\system32\migration
2008-11-16 03:09:46 ----D---- C:\Windows\system32\drivers
2008-11-16 03:09:46 ----D---- C:\Program Files\Windows Mail
2008-11-16 03:04:39 ----SHD---- C:\Windows\Installer
2008-11-16 03:00:57 ----D---- C:\Windows
2008-11-16 03:00:22 ----SHD---- C:\System Volume Information
2008-11-15 16:13:44 ----D---- C:\Windows\system32\catroot2
2008-11-15 00:03:54 ----HD---- C:\ProgramData
2008-11-03 16:10:26 ----A---- C:\Windows\system32\mrt.exe
2008-10-31 21:24:45 ----D---- C:\SwSetup
2008-10-28 09:31:13 ----D---- C:\Program Files\Common Files
2008-10-22 16:45:06 ----SD---- C:\ProgramData\Microsoft
2008-10-12 22:49:40 ----RSD---- C:\Windows\assembly
2008-10-12 22:48:17 ----D---- C:\Windows\Cursors
2008-10-12 22:25:47 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-12 20:22:03 ----D---- C:\Windows\system32\WDI
2008-10-07 20:46:09 ----D---- C:\Program Files\Internet Explorer
2008-10-01 17:11:28 ----D---- C:\Windows\ModemLogs
2008-09-27 22:12:41 ----D---- C:\Windows\system32\LogFiles
2008-09-24 14:35:50 ----D---- C:\ProgramData\Adobe
2008-09-19 21:03:48 ----D---- C:\Windows\system32\Tasks
2008-09-19 19:48:05 ----D---- C:\Windows\rescache
2008-09-19 19:41:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 19:30:30 ----D---- C:\Windows\system32\en-US
2008-09-14 05:15:09 ----D---- C:\ProgramData\CyberLink
2008-09-11 10:15:06 ----D---- C:\Windows\AppPatch
2008-09-10 04:02:15 ----A---- C:\Windows\win.ini
2008-09-09 05:16:34 ----D---- C:\Windows\Debug
2008-09-09 04:01:44 ----D---- C:\Program Files\Microsoft SQL Server
2008-09-08 15:55:14 ----RSD---- C:\Windows\Fonts
2008-09-08 15:49:06 ----D---- C:\ProgramData\Microsoft Help
2008-09-08 15:49:04 ----D---- C:\Program Files\Microsoft Office
2008-09-08 15:49:00 ----D---- C:\Windows\ShellNew
2008-09-08 04:04:39 ----D---- C:\Windows\Registration
2008-09-08 02:47:08 ----D---- C:\Windows\IME
2008-09-08 02:46:54 ----D---- C:\Windows\Help
2008-09-08 02:46:45 ----D---- C:\Program Files\Common Files\System
2008-09-08 02:44:17 ----D---- C:\Windows\system
2008-09-07 20:34:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-07 20:31:59 ----D---- C:\ProgramData\Symantec
2008-09-07 20:28:46 ----D---- C:\Windows\Tasks
2008-09-05 23:51:25 ----D---- C:\Windows\panther
2008-09-05 20:12:11 ----D---- C:\Windows\Logs
2008-09-05 20:11:24 ----D---- C:\Windows\SMINST
2008-09-05 19:55:01 ----D---- C:\Windows\PolicyDefinitions
2008-09-05 19:55:00 ----D---- C:\Windows\ehome
2008-09-05 19:00:03 ----D---- C:\Windows\Microsoft.NET
2008-09-05 18:55:05 ----D---- C:\Windows\SoftwareDistribution
2008-09-05 18:44:46 ----D---- C:\Windows\system32\NDF
2008-09-05 07:07:55 ----SHD---- C:\$RECYCLE.BIN
2008-09-05 07:03:53 ----RD---- C:\Program Files\Online Services
2008-09-05 07:03:12 ----HD---- C:\System.sav
2008-09-05 07:03:12 ----D---- C:\Windows\system32\restore
2008-09-05 07:01:17 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-28 34664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-01 166448]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-25 23040]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-25 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-25 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-14 7443872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-06-25 149504]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-29 378880]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-06-25 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe [2008-02-13 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-12 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-08-28 84440]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-16 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-19 19456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-27 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-14 118784]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-24 292232]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-24 112008]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe [2008-04-29 221239]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-04 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-26 148832]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-16 03:59:28
======Uninstall list======
-->"C:\Program Files\HP Games\5 Card Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewels of Cleopatra\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Rainbow Mystery\Uninstall.exe"
-->"C:\Program Files\HP Games\Rainbow Web\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Trijinx\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DVD Ripper Platinum 4-->C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotspot Shield 1.07-->C:\Program Files\Hotspot Shield\Uninstall.exe
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0101-->MsiExec.exe /I{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Annotator 2.0.0.244-->"C:\Program Files\PDF Annotator\unins000.exe"
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{AAD72731-807A-4B79-AE05-9190B7002B7B}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
SecureW2 EAP Suite 1.0.6 for Windows-->C:\Program Files\SecureW2\Uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete info.txt from c:\rsit folder.
Please run a new RSIT scan when finished and post the log back here.
variablex
2008-11-15, 18:07
Is it possible to scrap this thread Shaba? My name isn't very common and I believe this page can be found through Google.
Thanks again :)
If you mean that if I can edit out your username, that is possible, yes.
variablex
2008-11-15, 18:10
Info.txt failed to open this time around. Hope it's not too big of an issue.
Logfile of random's system information tool 1.04 (written by random/random)
Run by xxxx at 2008-11-16 04:09:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 184 GB (62%) free of 295 GB
Total RAM: 3068 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:28 AM, on 16/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\xxxx\Pictures\RSIT.exe
C:\Program Files\trend micro\xxxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8D1E1BE-B110-49DC-9CD4-E00AF6AC49AC}: NameServer = 10.9.160.1
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe
--
End of file - 9583 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{70A6FF83-C580-4CBD-A7C7-C006310F1129}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-07 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-14 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-14 92704]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-22 217088]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-29 442433]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-02 554288]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-25 222504]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-24 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-15 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-16 70912]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-16 488752]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-22 1261200]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-21 2153472]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-27 2289664]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\Windows\system32\\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-07 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2008-11-16 03:59:18 ----D---- C:\rsit
2008-11-16 03:59:18 ----D---- C:\Program Files\trend micro
2008-11-16 03:03:47 ----A---- C:\Windows\system32\MRT.INI
2008-11-15 16:16:50 ----A---- C:\Windows\system32\msxml3.dll
2008-11-15 16:16:48 ----A---- C:\Windows\system32\netapi32.dll
2008-11-15 16:16:46 ----A---- C:\Windows\system32\wersvc.dll
2008-11-15 16:16:46 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-15 16:16:45 ----A---- C:\Windows\system32\win32spl.dll
2008-11-15 16:16:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-15 16:16:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-15 16:16:32 ----A---- C:\Windows\system32\msxml6.dll
2008-11-15 16:16:28 ----A---- C:\Windows\system32\mshtml.dll
2008-11-15 16:16:28 ----A---- C:\Windows\system32\ieframe.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\wininet.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\urlmon.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\mstime.dll
2008-11-15 16:16:27 ----A---- C:\Windows\system32\iertutil.dll
2008-11-15 16:16:26 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-15 01:47:20 ----D---- C:\Avenger
2008-11-15 01:47:20 ----A---- C:\avenger.txt
2008-11-15 00:03:57 ----D---- C:\Users\xxxx\AppData\Roaming\Malwarebytes
2008-11-15 00:03:54 ----D---- C:\ProgramData\Malwarebytes
2008-11-15 00:03:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-03 18:01:50 ----D---- C:\Windows\pss
2008-10-28 09:33:43 ----D---- C:\Users\xxxx\AppData\Roaming\Apple Computer
2008-10-28 09:33:31 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-28 09:33:31 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-28 09:33:16 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-28 09:33:16 ----D---- C:\Program Files\iTunes
2008-10-28 09:33:16 ----D---- C:\Program Files\iPod
2008-10-28 09:32:52 ----D---- C:\Program Files\Bonjour
2008-10-28 09:31:52 ----D---- C:\Program Files\Apple Software Update
2008-10-28 09:31:13 ----D---- C:\ProgramData\Apple
2008-10-28 09:31:13 ----D---- C:\Program Files\Common Files\Apple
2008-10-23 01:59:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-23 01:59:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-22 16:46:07 ----D---- C:\Program Files\MSN Messenger
2008-10-12 22:51:00 ----D---- C:\Users\xxxx\AppData\Roaming\Nero
2008-10-12 22:50:26 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-10-12 22:48:21 ----D---- C:\ProgramData\Nero
2008-10-12 22:48:21 ----D---- C:\Program Files\Nero
2008-10-12 22:48:20 ----D---- C:\Program Files\Common Files\Nero
2008-10-12 22:47:07 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-12 22:47:07 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-10-07 21:16:42 ----D---- C:\Program Files\Common Files\xing shared
2008-10-07 20:47:00 ----A---- C:\Windows\system32\rmoc3260.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pndx5032.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pndx5016.dll
2008-10-07 20:46:54 ----A---- C:\Windows\system32\pncrt.dll
2008-10-07 20:46:52 ----D---- C:\Program Files\Common Files\Real
2008-10-07 20:46:51 ----D---- C:\Program Files\Real
2008-10-07 20:46:29 ----D---- C:\Users\xxxx\AppData\Roaming\Real
2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
2008-09-30 01:10:36 ----D---- C:\ProgramData\Apple Computer
2008-09-28 05:15:55 ----D---- C:\Program Files\Hotspot Shield
2008-09-24 14:35:59 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-24 14:35:10 ----D---- C:\Program Files\Common Files\Adobe
2008-09-24 14:35:10 ----D---- C:\Program Files\Adobe
2008-09-24 14:32:20 ----D---- C:\ProgramData\NOS
2008-09-24 14:32:20 ----D---- C:\Program Files\NOS
2008-09-21 19:31:08 ----D---- C:\SAREGAMAPA
2008-09-21 19:29:50 ----D---- C:\Users\xxxx\AppData\Roaming\dvdcss
2008-09-21 19:27:22 ----D---- C:\Program Files\QuickTime
2008-09-21 19:27:17 ----D---- C:\Program Files\Xilisoft
2008-09-21 19:15:56 ----D---- C:\Program Files\Ahead
2008-09-21 19:15:48 ----A---- C:\Windows\system32\drmclien.dll
2008-09-19 19:19:57 ----D---- C:\Program Files\EA SPORTS
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wups2.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wucltux.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-16 20:31:22 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wups.dll
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wudriver.dll
2008-09-16 20:31:03 ----A---- C:\Windows\system32\wuapi.dll
2008-09-16 20:30:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-16 20:30:55 ----A---- C:\Windows\system32\wuapp.exe
2008-09-14 05:15:44 ----D---- C:\Users\xxxx\AppData\Roaming\CyberLink
2008-09-10 17:51:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 17:51:23 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 17:51:05 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 17:51:02 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 04:01:29 ----D---- C:\Windows\SQL9_KB948109_ENU
2008-09-08 14:55:19 ----D---- C:\Program Files\SecureW2
2008-09-08 09:06:05 ----D---- C:\lgupload
2008-09-08 09:01:57 ----D---- C:\Users\xxxx\AppData\Roaming\LG Electronics
2008-09-08 08:55:21 ----D---- C:\Program Files\LG Electronics
2008-09-08 08:53:51 ----D---- C:\Program Files\LG PC Suite 2
2008-09-08 08:53:33 ----D---- C:\Users\xxxx\AppData\Roaming\InstallShield
2008-09-08 04:03:14 ----D---- C:\Program Files\PDF Annotator
2008-09-08 02:47:55 ----A---- C:\Windows\ODBC.INI
2008-09-08 02:47:09 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-08 02:46:20 ----D---- C:\Program Files\Common Files\L&H
2008-09-08 02:39:56 ----D---- C:\Program Files\PowerISO
2008-09-08 01:52:54 ----D---- C:\Users\xxxx\AppData\Roaming\Winamp
2008-09-08 01:39:55 ----D---- C:\Users\xxxx\AppData\Roaming\uTorrent
2008-09-07 05:50:46 ----D---- C:\Users\xxxx\AppData\Roaming\vlc
2008-09-07 04:50:39 ----N---- C:\Windows\system32\vxblock.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxwave.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxmas.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxinsi64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-07 04:50:39 ----N---- C:\Windows\system32\pxafs.dll
2008-09-07 04:50:39 ----N---- C:\Windows\system32\px.dll
2008-09-07 04:50:35 ----D---- C:\Program Files\Winamp
2008-09-07 04:50:04 ----D---- C:\Program Files\WinRAR
2008-09-07 04:49:22 ----D---- C:\Program Files\VideoLAN
2008-09-07 04:43:35 ----D---- C:\Downloads
2008-09-05 18:58:56 ----A---- C:\Windows\system32\tzres.dll
2008-09-05 18:57:41 ----A---- C:\Windows\system32\msshooks.dll
2008-09-05 18:57:41 ----A---- C:\Windows\system32\msscb.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\thawbrkr.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-09-05 18:57:39 ----A---- C:\Windows\system32\propsys.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\propdefs.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\msstrc.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\mssprxy.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\mssitlb.dll
2008-09-05 18:57:39 ----A---- C:\Windows\system32\msshsq.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\xmlfilter.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\wsepno.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\srchadmin.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-09-05 18:57:38 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-09-05 18:57:38 ----A---- C:\Windows\system32\rtffilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\offfilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\nlhtml.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\msscntrs.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\mimefilt.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\korwbrkr.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\chtbrkr.dll
2008-09-05 18:57:38 ----A---- C:\Windows\system32\chsbrkr.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\tquery.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssvp.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssrch.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssphtb.dll
2008-09-05 18:57:37 ----A---- C:\Windows\system32\mssph.dll
2008-09-05 18:54:54 ----D---- C:\Program Files\MSXML 4.0
2008-09-05 18:34:21 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-09-05 18:34:19 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-09-05 18:34:13 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-09-05 18:25:38 ----A---- C:\Windows\system32\gameux.dll
2008-09-05 18:22:56 ----A---- C:\Windows\system32\shell32.dll
2008-09-05 18:21:08 ----A---- C:\Windows\system32\rpcrt4.dll
2008-09-05 18:21:07 ----A---- C:\Windows\system32\pacerprf.dll
2008-09-05 18:20:58 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-09-05 18:20:43 ----A---- C:\Windows\system32\es.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\wshext.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\wscript.exe
2008-09-05 18:20:42 ----A---- C:\Windows\system32\vbscript.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\scrrun.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\scrobj.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\jscript.dll
2008-09-05 18:20:42 ----A---- C:\Windows\system32\cscript.exe
2008-09-05 18:19:50 ----A---- C:\Windows\system32\quartz.dll
2008-09-05 18:19:41 ----A---- C:\Windows\system32\inetcomm.dll
2008-09-05 17:49:43 ----D---- C:\ProgramData\LightScribe
2008-09-05 17:07:28 ----D---- C:\Users\xxxx\AppData\Roaming\Mozilla
2008-09-05 17:07:00 ----D---- C:\Program Files\Mozilla Firefox
2008-09-05 17:01:04 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-05 17:00:48 ----D---- C:\Program Files\Windows Live
2008-09-05 17:00:31 ----D---- C:\ProgramData\WLInstaller
2008-09-05 07:08:13 ----D---- C:\Users\xxxx\AppData\Roaming\Symantec
2008-09-05 07:07:43 ----D---- C:\Users\xxxx\AppData\Roaming\Identities
2008-09-05 07:04:35 ----D---- C:\Users\xxxx\AppData\Roaming\Macromedia
2008-09-05 07:04:08 ----D---- C:\Users\xxxx\AppData\Roaming\Adobe
2008-09-05 07:03:57 ----D---- C:\Users\xxxx\AppData\Roaming\Hewlett-Packard
2008-09-05 07:01:17 ----SD---- C:\Users\xxxx\AppData\Roaming\Microsoft
2008-09-05 07:01:17 ----D---- C:\Users\xxxx\AppData\Roaming\Media Center Programs
2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll
======List of files/folders modified in the last 3 months======
2008-11-16 04:09:22 ----D---- C:\Windows\Temp
2008-11-16 04:08:53 ----RD---- C:\Program Files
2008-11-16 04:08:51 ----D---- C:\Windows\Prefetch
2008-11-16 03:23:36 ----D---- C:\Windows\winsxs
2008-11-16 03:18:20 ----D---- C:\Windows\System32
2008-11-16 03:18:20 ----D---- C:\Windows\inf
2008-11-16 03:18:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-16 03:13:32 ----D---- C:\Windows\system32\catroot
2008-11-16 03:09:46 ----D---- C:\Windows\system32\migration
2008-11-16 03:09:46 ----D---- C:\Windows\system32\drivers
2008-11-16 03:09:46 ----D---- C:\Program Files\Windows Mail
2008-11-16 03:04:39 ----SHD---- C:\Windows\Installer
2008-11-16 03:00:57 ----D---- C:\Windows
2008-11-16 03:00:22 ----SHD---- C:\System Volume Information
2008-11-15 16:13:44 ----D---- C:\Windows\system32\catroot2
2008-11-15 00:03:54 ----HD---- C:\ProgramData
2008-11-03 16:10:26 ----A---- C:\Windows\system32\mrt.exe
2008-10-31 21:24:45 ----D---- C:\SwSetup
2008-10-28 09:31:13 ----D---- C:\Program Files\Common Files
2008-10-22 16:45:06 ----SD---- C:\ProgramData\Microsoft
2008-10-12 22:49:40 ----RSD---- C:\Windows\assembly
2008-10-12 22:48:17 ----D---- C:\Windows\Cursors
2008-10-12 22:25:47 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-12 20:22:03 ----D---- C:\Windows\system32\WDI
2008-10-07 20:46:09 ----D---- C:\Program Files\Internet Explorer
2008-10-01 17:11:28 ----D---- C:\Windows\ModemLogs
2008-09-27 22:12:41 ----D---- C:\Windows\system32\LogFiles
2008-09-24 14:35:50 ----D---- C:\ProgramData\Adobe
2008-09-19 21:03:48 ----D---- C:\Windows\system32\Tasks
2008-09-19 19:48:05 ----D---- C:\Windows\rescache
2008-09-19 19:41:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 19:30:30 ----D---- C:\Windows\system32\en-US
2008-09-14 05:15:09 ----D---- C:\ProgramData\CyberLink
2008-09-11 10:15:06 ----D---- C:\Windows\AppPatch
2008-09-10 04:02:15 ----A---- C:\Windows\win.ini
2008-09-09 05:16:34 ----D---- C:\Windows\Debug
2008-09-09 04:01:44 ----D---- C:\Program Files\Microsoft SQL Server
2008-09-08 15:55:14 ----RSD---- C:\Windows\Fonts
2008-09-08 15:49:06 ----D---- C:\ProgramData\Microsoft Help
2008-09-08 15:49:04 ----D---- C:\Program Files\Microsoft Office
2008-09-08 15:49:00 ----D---- C:\Windows\ShellNew
2008-09-08 04:04:39 ----D---- C:\Windows\Registration
2008-09-08 02:47:08 ----D---- C:\Windows\IME
2008-09-08 02:46:54 ----D---- C:\Windows\Help
2008-09-08 02:46:45 ----D---- C:\Program Files\Common Files\System
2008-09-08 02:44:17 ----D---- C:\Windows\system
2008-09-07 20:34:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-07 20:31:59 ----D---- C:\ProgramData\Symantec
2008-09-07 20:28:46 ----D---- C:\Windows\Tasks
2008-09-05 23:51:25 ----D---- C:\Windows\panther
2008-09-05 20:12:11 ----D---- C:\Windows\Logs
2008-09-05 20:11:24 ----D---- C:\Windows\SMINST
2008-09-05 19:55:01 ----D---- C:\Windows\PolicyDefinitions
2008-09-05 19:55:00 ----D---- C:\Windows\ehome
2008-09-05 19:00:03 ----D---- C:\Windows\Microsoft.NET
2008-09-05 18:55:05 ----D---- C:\Windows\SoftwareDistribution
2008-09-05 18:44:46 ----D---- C:\Windows\system32\NDF
2008-09-05 07:07:55 ----SHD---- C:\$RECYCLE.BIN
2008-09-05 07:03:53 ----RD---- C:\Program Files\Online Services
2008-09-05 07:03:12 ----HD---- C:\System.sav
2008-09-05 07:03:12 ----D---- C:\Windows\system32\restore
2008-09-05 07:01:17 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-28 34664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-01 166448]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-25 23040]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-25 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-25 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-14 7443872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-06-25 149504]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-15 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-29 378880]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-06-25 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\aestsrv.exe [2008-02-13 73728]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-12 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-08-28 84440]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-16 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-19 19456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-27 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-14 118784]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-24 292232]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-24 112008]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\STacSV.exe [2008-04-29 221239]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-04 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-26 148832]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
-----------------EOF-----------------
variablex
2008-11-15, 18:12
If you mean that if I can edit out your username, that is possible, yes.
Sorry I meant my real name. "xxxx"
Thanks again.
I have now edited them.
Do they look OK?
variablex
2008-11-15, 18:23
I have now edited them.
Do they look OK?
3 left :)
Oh and I uninstalled Utorrent and posted the log aswell. Hows it looking?
variablex
2008-11-15, 18:31
How about now? :)
I love you guys =]
Can't thank you enough. Nice to find MBAM off your forums aswell.
Keep up the great work, you're really making a difference. Nice to see there are people fighting against the crums who intentionally create and distribute viruses.
take care.
VarX.
Before judging that you are clean, let's run one online scan:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.