OK - I'm back.
1. I have run HijackThis and followed your instructions on 7 out of the 8 listed entries. Only the last item, O4-HKLM\..\Run:.......etc, could not be found on the list.
2. Folder C:\Program Files\vtyzpoc was found to be present but I have not been able to delete it. When attempting to do so I get the message:
"Cannot delete ApiGenAct.dll Access is denied. Make sure disc is not full or write protected and that the file is not currently in use"
3. RSIT downloaded and run. The two resultant files are attached below:
log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Ian at 2008-10-03 23:07:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (44%) free of 152 GB
Total RAM: 447 MB (19% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:31, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Kontiki\KHost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GDI\Black Gold Media Centre\GDI RecordingMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Documents and Settings\Ian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Black Gold Recording Monitor.lnk = C:\Program Files\GDI\Black Gold Media Centre\GDI RecordingMonitor.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywherechat.com:8000/Java/cfs40320.cab
O16 - DPF: Yahoo! Blackjack - http://download2.games.yahoo.com/games/ ... /jt0_x.cab
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/ ... /pt3_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8685 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"Ptipbmf"=C:\WINDOWS\system32\ptipbmf.dll [2003-06-20 118784]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe [2004-06-08 69721]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-03-14 3770024]
"pccguide.exe"=C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe [2006-09-29 3112960]
"4oD"=C:\Program Files\Kontiki\KHost.exe [2006-11-08 1040832]
"btbb_wcm_McciTrayApp"=C:\Program Files\btbb_wcm\McciTrayApp.exe [2006-12-07 935936]
"btbb_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe [2007-05-23 936960]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-03-23 1630303]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]
"OE"=C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe [2006-09-26 315392]
""= []
"kdx"=C:\Program Files\Kontiki\KHost.exe [2006-11-08 1040832]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Black Gold Recording Monitor.lnk - C:\Program Files\GDI\Black Gold Media Centre\GDI RecordingMonitor.exe
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpw42.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winpw42.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe"="C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747985d2-55f5-11db-9c35-0013d4feddff}]
shell\AutoRun\command - I:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2008-10-03 23:07:27 ----D---- C:\rsit
2008-09-28 22:41:20 ----D---- C:\Program Files\Lavasoft
2008-09-28 22:41:20 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 22:39:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-28 10:05:18 ----D---- C:\Documents and Settings\Ian\Application Data\Malwarebytes
2008-09-28 10:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 10:04:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 00:31:48 ----D---- C:\WINDOWS\Prefetch
2008-09-28 00:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 00:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 00:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 00:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 00:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 00:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-28 00:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 00:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 00:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 00:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 00:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 00:10:29 ----D---- C:\WINDOWS\system32\scripting
2008-09-28 00:10:28 ----D---- C:\WINDOWS\l2schemas
2008-09-28 00:10:26 ----D---- C:\WINDOWS\system32\en
2008-09-28 00:10:25 ----D---- C:\WINDOWS\system32\bits
2008-09-28 00:05:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-27 23:54:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-17 20:33:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-17 20:33:40 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-17 20:33:38 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-17 20:33:38 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-17 20:33:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-17 20:33:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-17 20:33:18 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-17 20:33:15 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-17 20:33:14 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-17 20:33:14 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-17 20:33:14 ----N---- C:\WINDOWS\slrundll.exe
2008-09-17 20:33:13 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-17 20:33:13 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-17 20:33:13 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-17 20:33:09 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-17 20:33:07 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-17 20:33:05 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-17 20:33:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-17 20:33:03 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-17 20:33:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-17 20:33:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-17 20:33:01 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-17 20:32:59 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-17 20:32:56 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-17 20:32:45 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-17 20:32:45 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-17 20:32:45 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-17 20:32:45 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-17 20:32:44 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-17 20:32:44 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-17 20:32:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-17 20:32:41 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-17 20:32:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-17 20:32:26 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-17 20:32:26 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-17 20:32:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-17 20:32:24 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-17 20:32:13 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-17 20:32:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-17 20:32:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-17 20:32:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-17 20:32:11 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-17 20:32:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-17 20:31:54 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-17 20:31:48 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-17 20:31:42 ----A---- C:\WINDOWS\003281_.tmp
2008-09-17 20:31:41 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-17 20:31:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-17 20:31:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-17 20:31:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-17 20:31:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-17 20:31:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-17 20:31:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-17 20:31:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-17 20:31:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-17 20:31:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-17 20:31:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-17 20:31:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-17 20:31:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-17 20:31:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-17 20:31:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-17 20:31:35 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-17 20:31:34 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-17 20:31:34 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-17 20:31:33 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-17 20:31:29 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-17 20:31:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-17 20:31:21 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-17 20:31:20 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-17 20:31:20 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-17 20:31:20 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 20:31:19 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-17 20:31:19 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-17 20:31:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-17 20:31:19 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-17 20:31:10 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-14 23:21:20 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-14 21:49:20 ----D---- C:\Program Files\vtyzpoc
2008-09-14 21:49:14 ----D---- C:\Documents and Settings\All Users\Application Data\hqzohkpu
2008-09-14 16:15:23 ----HD---- C:\WINDOWS\PIF
2008-09-09 23:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-07 23:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-07 23:04:50 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-09-07 23:04:31 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-09-07 23:04:03 ----HD---- C:\Program Files\CanonBJ
2008-09-07 22:25:25 ----A---- C:\WINDOWS\MAXLINK.INI
2008-09-07 22:25:20 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-07 22:25:16 ----D---- C:\Documents and Settings\Ian\Application Data\ScanSoft
2008-09-07 22:25:00 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-09-07 22:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-07 22:24:27 ----D---- C:\Program Files\ScanSoft
2008-09-07 22:20:32 ----A---- C:\WINDOWS\system32\CNMLM8R.DLL
2008-09-07 22:18:30 ----D---- C:\Program Files\Canon
======List of files/folders modified in the last 1 months======
2008-10-03 23:07:28 ----D---- C:\WINDOWS\Temp
2008-10-03 23:06:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-03 19:28:06 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-03 18:07:08 ----D---- C:\WINDOWS\Registration
2008-10-03 18:05:49 ----AD---- C:\WINDOWS
2008-10-02 22:26:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-28 23:25:23 ----D---- C:\Program Files\Trend Micro
2008-09-28 22:42:31 ----SHD---- C:\WINDOWS\Installer
2008-09-28 22:41:20 ----RD---- C:\Program Files
2008-09-28 22:41:20 ----D---- C:\WINDOWS\system32\drivers
2008-09-28 22:41:20 ----D---- C:\WINDOWS\system32
2008-09-28 22:39:43 ----D---- C:\Program Files\Common Files
2008-09-28 10:24:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-28 09:17:16 ----A---- C:\WINDOWS\win.ini
2008-09-28 00:52:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-28 00:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2008-09-28 00:32:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-28 00:32:18 ----A---- C:\WINDOWS\setuplog.txt
2008-09-28 00:31:26 ----D---- C:\WINDOWS\system32\Setup
2008-09-28 00:31:25 ----D---- C:\WINDOWS\system32\wbem
2008-09-28 00:31:25 ----D---- C:\WINDOWS\AppPatch
2008-09-28 00:31:24 ----RSD---- C:\WINDOWS\Fonts
2008-09-28 00:19:11 ----HD---- C:\WINDOWS\inf
2008-09-28 00:19:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-28 00:19:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-28 00:17:54 ----D---- C:\Program Files\Messenger
2008-09-28 00:17:22 ----D---- C:\WINDOWS\security
2008-09-28 00:15:33 ----RSD---- C:\WINDOWS\assembly
2008-09-28 00:11:27 ----D---- C:\WINDOWS\WinSxS
2008-09-28 00:10:57 ----D---- C:\WINDOWS\network diagnostic
2008-09-28 00:10:56 ----D---- C:\WINDOWS\ime
2008-09-28 00:10:56 ----D---- C:\WINDOWS\Help
2008-09-28 00:10:31 ----D---- C:\WINDOWS\system32\usmt
2008-09-28 00:10:31 ----D---- C:\WINDOWS\system32\en-US
2008-09-28 00:10:25 ----D---- C:\WINDOWS\PeerNet
2008-09-28 00:10:25 ----D---- C:\Program Files\Movie Maker
2008-09-28 00:05:09 ----D---- C:\WINDOWS\system32\Restore
2008-09-28 00:05:09 ----D---- C:\WINDOWS\system32\npp
2008-09-28 00:05:09 ----D---- C:\WINDOWS\mui
2008-09-28 00:05:07 ----D---- C:\WINDOWS\msagent
2008-09-28 00:05:04 ----D---- C:\WINDOWS\srchasst
2008-09-28 00:05:02 ----D---- C:\Program Files\NetMeeting
2008-09-28 00:05:00 ----D---- C:\WINDOWS\system32\Com
2008-09-28 00:04:56 ----D---- C:\Program Files\Windows NT
2008-09-28 00:04:56 ----D---- C:\Program Files\Outlook Express
2008-09-28 00:04:52 ----D---- C:\Program Files\Common Files\System
2008-09-28 00:04:22 ----D---- C:\WINDOWS\system32\oobe
2008-09-28 00:04:20 ----D---- C:\WINDOWS\system
2008-09-27 23:59:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-27 23:54:39 ----D---- C:\WINDOWS\ehome
2008-09-19 20:18:32 ----SHD---- C:\System Volume Information
2008-09-14 22:31:05 ----D---- C:\WINDOWS\system32\config
2008-09-09 23:53:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-07 23:57:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-07 23:04:30 ----D---- C:\WINDOWS\twain_32
2008-09-07 22:24:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-07 22:24:57 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-06 23:01:31 ----D---- C:\Program Files\BT Broadband Desktop Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2006-09-14 68224]
R2 GDI23880;Genesis Video Capture; C:\WINDOWS\system32\drivers\gdi2vid.sys [2005-07-23 164352]
R2 GDI2BTS;Genesis BDA Transport Capture; C:\WINDOWS\system32\drivers\gdi2bts.sys [2005-07-23 13696]
R2 GDI2IR;Genesis InfraRed; C:\WINDOWS\system32\drivers\gdi2ir.sys [2005-07-23 9856]
R2 GDI2XBAR;Genesis Crossbar; C:\WINDOWS\system32\drivers\gdi2xbr.sys [2005-07-23 10112]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmmbd;Trend Micro MBD Driver; C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys [2006-09-14 101888]
R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-07-18 205328]
R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\VsapiNT.sys [2008-07-18 1195448]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 GDI2BDA;Black Gold Signature BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\gdi2bda.sys [2005-07-23 169088]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-08-24 281600]
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz;cpuz; \??\I:\cpuz.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-04-20 472960]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller; C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2003-05-09 89749]
S4 SI3114r;SiI-3114 SATARaid Controller; C:\WINDOWS\system32\DRIVERS\SI3114R.sys [2004-02-09 97857]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-28 611664]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2006-11-08 3068352]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [2006-09-29 1544192]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [2006-09-29 503808]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [2006-09-14 933952]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [2006-09-14 561223]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe [2006-09-29 196608]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S3 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.04 2008-10-03 23:07:34
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Motive\btbb\UninstallHelper.exe
-->MsiExec.exe /I{3DF75865-E8BE-454F-9FC2-B43D26BF7BBA}
-->MsiExec.exe /I{78B223C2-E502-4702-8128-8D00C5BBE1EA}
-->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
-->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD-->MsiExec.exe /I {68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Black Gold Media Centre-->MsiExec.exe /X{76A6E270-286B-4f20-A247-F597D39BAA71}
BT Broadband Desktop Help-->C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series User Registration-->C:\Program Files\Canon\IJEREG\MP140 series\UNINST.EXE
Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EPI Suite v3.20 (February 2007)-->C:\WINDOWS\iun507.exe C:\EPISUITE\irunin.ini
FOCUSPELMO Shell-->C:\WINDOWS\ST4UNST.EXE -n "C:\FOCUSPELMO\ST4UNST.LOG"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InterVideo FilterSDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MDL ISIS Draw 2.5 Standalone-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MDL ISIS Draw 2.5\uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Tiscali 10.0-->C:\PROGRA~1\Internet\TISCAL~1.exe C:\PROGRA~1\Internet\Tiscali_uk
Tiscali Internet Access-->C:\PROGRA~1\Internet\UNWISE.EXE C:\PROGRA~1\Internet\INSTALL.LOG
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Trend Micro PC-cillin Internet Security 2007-->msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007-->MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
=====HijackThis Backups=====
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
O2 - BHO: (no name) - {769DE2A4-CC8F-1543-5037-06B74580CA43} - C:\Program Files\vtyzpoc\ApiGenAct.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
======Security center information======
AV: Trend Micro PC-cillin Internet Security 2007
FW: Trend Micro PC-cillin Internet Security (Firewall)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\MDL Shared\ISIS
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
-----------------EOF-----------------