Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-14 17:44:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 348 GB (74%) free of 468 GB
Total RAM: 3006 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:11 PM, on 4/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\hp\kbd\kbd.exe
C:\Users\Owner\Downloads\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
C:\Windows\system32\msfeedssync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... -
res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) -
http://picasaweb.google.com/s/v/58.14/uploader2.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/200 ... ader55.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10201 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{50873598-2ACB-4E95-9CE1-AAE664A04327}.job
C:\Windows\tasks\User_Feed_Synchronization-{7E403217-555D-4AA3-905A-4C065A916971}.job
C:\Windows\tasks\User_Feed_Synchronization-{9E47D827-02FC-4C56-ABB8-FAD3F71BE6B6}.job
C:\Windows\tasks\User_Feed_Synchronization-{D64E7602-2D70-418C-9D84-F0204557083B}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-08 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
(Gaming)2 - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll [2008-03-03 635392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\Windows\System32\TwcToolbarIe7.dll [2009-06-23 331776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-25 4702208]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-01-26 1020248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-08 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"ActivControl"=C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2009-10-22 1088800]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-09-12 492808]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe index.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04486053-5093-11de-aa1d-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcdfd93-17a3-11dd-8686-001bb9deecb4}]
shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40044b49-edb7-11dd-a042-001bb9deecb4}]
shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67d9d14d-f8dc-11dd-8c05-001bb9deecb4}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7349-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7714-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-04-14 17:40:07 ----D---- C:\rsit
2010-04-14 16:38:35 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-04-14 16:38:18 ----D---- C:\ProgramData\Malwarebytes
2010-04-14 16:38:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 13:31:06 ----SHD---- C:\Config.Msi
2010-04-14 13:28:17 ----A---- C:\Windows\system32\jucheck.exe
2010-04-14 13:28:16 ----A---- C:\Windows\system32\jusched.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 13:10:06 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 13:07:36 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:52:55 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:52:51 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 10:56:02 ----D---- C:\Users\Owner\AppData\Roaming\Promethean
2010-04-13 10:53:52 ----D---- C:\ProgramData\Promethean
2010-04-13 10:51:54 ----D---- C:\Users\Owner\AppData\Roaming\ACTIV Software
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files\Activ Software
2010-04-13 10:51:47 ----D---- C:\ProgramData\Activ Software
2010-04-13 10:51:47 ----D---- C:\Program Files\Activ Software
2010-04-12 09:26:33 ----D---- C:\swsetup
2010-04-09 17:15:37 ----D---- C:\Users\Owner\AppData\Roaming\Turning Technologies
2010-04-09 17:08:01 ----A---- C:\Windows\system32\hdduinst.exe
2010-04-09 17:08:00 ----A---- C:\Windows\system32\haspds_windows.dll
2010-04-09 17:07:59 ----A---- C:\Windows\system32\UNWISE.EXE
2010-04-09 17:07:59 ----A---- C:\Windows\system32\hinstd.dll
2010-04-09 17:07:41 ----D---- C:\Program Files\Turning Technologies
2010-04-09 17:06:07 ----D---- C:\ProgramData\Turning Technologies
2010-04-09 15:26:49 ----D---- C:\Users\Owner\AppData\Roaming\WinBatch
2010-04-06 13:10:35 ----D---- C:\Users\Owner\AppData\Roaming\MemoryClinic
2010-04-01 12:11:28 ----D---- C:\ProgramData\Sun
2010-03-30 15:04:55 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 15:04:54 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\occache.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieui.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesetup.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iernonce.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-29 22:01:18 ----D---- C:\ProgramData\Nevosoft
2010-03-29 18:01:27 ----D---- C:\Users\Owner\AppData\Roaming\Silverback Productions
2010-03-19 20:22:09 ----D---- C:\ProgramData\EdensQuest
======List of files/folders modified in the last 1 months======
2010-04-14 17:45:11 ----D---- C:\Program Files\Trend Micro
2010-04-14 17:44:59 ----D---- C:\Windows\Temp
2010-04-14 17:15:04 ----D---- C:\Windows\tracing
2010-04-14 16:53:39 ----D---- C:\Windows\system32\drivers
2010-04-14 16:53:39 ----D---- C:\Windows\ServiceProfiles
2010-04-14 16:51:51 ----D---- C:\Program Files
2010-04-14 16:51:50 ----HD---- C:\ProgramData
2010-04-14 16:19:24 ----D---- C:\Windows\system32\config
2010-04-14 16:19:17 ----D---- C:\Windows\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\wbem
2010-04-14 16:19:17 ----D---- C:\Windows\system32\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\spool
2010-04-14 16:19:17 ----D---- C:\Windows\registration
2010-04-14 16:19:17 ----D---- C:\Windows\inf
2010-04-14 16:19:17 ----D---- C:\Windows
2010-04-14 14:01:15 ----D---- C:\Windows\winsxs
2010-04-14 13:50:57 ----D---- C:\Windows\Prefetch
2010-04-14 13:50:03 ----D---- C:\Windows\system32\catroot
2010-04-14 13:49:59 ----D---- C:\Windows\system32\catroot2
2010-04-14 13:47:34 ----D---- C:\Windows\System32
2010-04-14 13:47:33 ----D---- C:\Program Files\Windows Mail
2010-04-14 13:47:24 ----D---- C:\Program Files\Google
2010-04-14 13:45:57 ----SHD---- C:\Windows\Installer
2010-04-14 13:45:49 ----D---- C:\ProgramData\Microsoft Help
2010-04-14 13:39:09 ----SHD---- C:\System Volume Information
2010-04-14 13:28:59 ----D---- C:\Program Files\Java
2010-04-14 13:25:20 ----D---- C:\ProgramData\Google
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files
2010-04-12 09:29:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-12 09:28:31 ----RSD---- C:\Windows\assembly
2010-04-12 09:28:25 ----D---- C:\Program Files\Hewlett-Packard
2010-04-11 20:35:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-11 20:33:46 ----D---- C:\Users\Owner\AppData\Roaming\U3
2010-04-10 09:41:20 ----D---- C:\ProgramData\WildTangent
2010-04-09 17:08:58 ----D---- C:\Windows\system32\setup
2010-04-09 16:40:20 ----D---- C:\ProgramData\NVIDIA
2010-04-09 14:27:33 ----A---- C:\Windows\ntbtlog.txt
2010-04-07 22:42:58 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2010-04-07 22:42:58 ----D---- C:\ProgramData\Flood Light Games
2010-04-07 22:28:59 ----D---- C:\Program Files\HP Games
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-04 02:16:44 ----D---- C:\Users\Owner\AppData\Roaming\Opera
2010-04-03 21:31:04 ----D---- C:\Program Files\Opera
2010-04-03 01:15:57 ----SD---- C:\Windows\Downloaded Program Files
2010-04-03 01:15:54 ----D---- C:\Windows\system32\Msdtc
2010-04-03 01:15:54 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-03 01:15:53 ----D---- C:\Windows\Minidump
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Thunderbird
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Restorer
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\Chessmaster Challenge
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\BloodTies
2010-04-02 20:45:16 ----D---- C:\Windows\pss
2010-04-02 19:06:57 ----D---- C:\Program Files\Hardwood Spades
2010-04-01 12:11:23 ----D---- C:\Program Files\Common Files\Java
2010-04-01 12:00:10 ----D---- C:\Windows\system32\LogFiles
2010-03-31 03:12:22 ----D---- C:\Windows\system32\migration
2010-03-31 03:12:22 ----D---- C:\Program Files\Internet Explorer
2010-03-20 20:36:22 ----D---- C:\ProgramData\PlayFirst
2010-03-17 19:49:47 ----D---- C:\ProgramData\Adobe
2010-03-17 19:49:47 ----D---- C:\Program Files\Common Files\Adobe
2010-03-16 17:35:49 ----D---- C:\Windows\system32\WDI
2010-03-16 11:58:27 ----A---- C:\Windows\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2008-06-11 53752]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-09-12 146448]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-12 89872]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-04-09 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-04-09 26424]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-09-12 158224]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-09-12 283152]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-12-04 230928]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-12-04 1322680]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-25 2015192]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-09-12 59920]
R3 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-09-12 50704]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VWan2k;BroadJump PPPoE Adapter; C:\Windows\system32\DRIVERS\VWan2k.SYS [2003-05-10 29228]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 VProt2k;BroadJump PPPoE Helper Protocol; C:\Windows\system32\DRIVERS\VProt2k.SYS []
S3 APL531;OVT Scanner; C:\Windows\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-09-23 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-09-23 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 VCR2PC;VCR2PC Analog Capture; C:\Windows\system32\DRIVERS\0140_ION.sys [2008-05-08 277888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2007-04-25 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-06-11 87344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-09 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-01-26 715368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-12 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-09-12 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-12 689416]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-03 246520]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.orgDatabase version: 3988
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
4/14/2010 4:51:51 PM
mbam-log-2010-04-14 (16-51-51).txt
Scan type: Quick scan
Objects scanned: 137134
Time elapsed: 9 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 40
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{3fc8c143-f2cc-4ab1-9ac0-8b1407302795} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3fc8c143-f2cc-4ab1-9ac0-8b1407302795} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\SCToolbar.dll (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sctoolbar.shellband (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sctoolbar.shellband.1 (Rogue.SystemOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4ad56e6f-7074-41ee-8a40-583c2c76efcd} (Rogue.PCSuperCharger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\ADSL Software Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080702115717617.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080702120424995.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Owner\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Owner\Favorites\Favorites\Antivirus Scan.URL (Rogue.Link) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-14 17:54:39
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 348 GB (74%) free of 468 GB
Total RAM: 3006 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:40 PM, on 4/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Owner\Downloads\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... -
res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) -
http://picasaweb.google.com/s/v/58.14/uploader2.cabO16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/200 ... ader55.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10235 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{50873598-2ACB-4E95-9CE1-AAE664A04327}.job
C:\Windows\tasks\User_Feed_Synchronization-{7E403217-555D-4AA3-905A-4C065A916971}.job
C:\Windows\tasks\User_Feed_Synchronization-{9E47D827-02FC-4C56-ABB8-FAD3F71BE6B6}.job
C:\Windows\tasks\User_Feed_Synchronization-{D64E7602-2D70-418C-9D84-F0204557083B}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-12-08 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
(Gaming)2 - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll [2008-03-03 635392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\Windows\System32\TwcToolbarIe7.dll [2009-06-23 331776]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-25 4702208]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-01-26 1020248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-08 198160]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"ActivControl"=C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [2009-10-22 1088800]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-09-12 492808]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
tisspwiz.lnk - C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe index.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04486053-5093-11de-aa1d-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fcdfd93-17a3-11dd-8686-001bb9deecb4}]
shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40044b49-edb7-11dd-a042-001bb9deecb4}]
shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67d9d14d-f8dc-11dd-8c05-001bb9deecb4}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7349-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9e7714-bf53-11dc-afd6-001bb9deecb4}]
shell\AutoRun\command - J:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-04-14 17:40:07 ----D---- C:\rsit
2010-04-14 16:38:35 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2010-04-14 16:38:18 ----D---- C:\ProgramData\Malwarebytes
2010-04-14 16:38:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 13:31:06 ----SHD---- C:\Config.Msi
2010-04-14 13:28:17 ----A---- C:\Windows\system32\jucheck.exe
2010-04-14 13:28:16 ----A---- C:\Windows\system32\jusched.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 13:10:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 13:10:06 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 13:07:36 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 12:52:55 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 12:52:51 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 10:56:02 ----D---- C:\Users\Owner\AppData\Roaming\Promethean
2010-04-13 10:53:52 ----D---- C:\ProgramData\Promethean
2010-04-13 10:51:54 ----D---- C:\Users\Owner\AppData\Roaming\ACTIV Software
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files\Activ Software
2010-04-13 10:51:47 ----D---- C:\ProgramData\Activ Software
2010-04-13 10:51:47 ----D---- C:\Program Files\Activ Software
2010-04-12 09:26:33 ----D---- C:\swsetup
2010-04-09 17:15:37 ----D---- C:\Users\Owner\AppData\Roaming\Turning Technologies
2010-04-09 17:08:01 ----A---- C:\Windows\system32\hdduinst.exe
2010-04-09 17:08:00 ----A---- C:\Windows\system32\haspds_windows.dll
2010-04-09 17:07:59 ----A---- C:\Windows\system32\UNWISE.EXE
2010-04-09 17:07:59 ----A---- C:\Windows\system32\hinstd.dll
2010-04-09 17:07:41 ----D---- C:\Program Files\Turning Technologies
2010-04-09 17:06:07 ----D---- C:\ProgramData\Turning Technologies
2010-04-09 15:26:49 ----D---- C:\Users\Owner\AppData\Roaming\WinBatch
2010-04-06 13:10:35 ----D---- C:\Users\Owner\AppData\Roaming\MemoryClinic
2010-04-01 12:11:28 ----D---- C:\ProgramData\Sun
2010-03-30 15:04:55 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 15:04:54 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\occache.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 15:04:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ieui.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iesetup.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iernonce.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 15:04:52 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-29 22:01:18 ----D---- C:\ProgramData\Nevosoft
2010-03-29 18:01:27 ----D---- C:\Users\Owner\AppData\Roaming\Silverback Productions
2010-03-19 20:22:09 ----D---- C:\ProgramData\EdensQuest
======List of files/folders modified in the last 1 months======
2010-04-14 17:54:40 ----D---- C:\Program Files\Trend Micro
2010-04-14 17:54:36 ----D---- C:\Windows\Temp
2010-04-14 17:15:04 ----D---- C:\Windows\tracing
2010-04-14 16:53:39 ----D---- C:\Windows\system32\drivers
2010-04-14 16:53:39 ----D---- C:\Windows\ServiceProfiles
2010-04-14 16:51:51 ----D---- C:\Program Files
2010-04-14 16:51:50 ----HD---- C:\ProgramData
2010-04-14 16:19:24 ----D---- C:\Windows\system32\config
2010-04-14 16:19:17 ----D---- C:\Windows\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\wbem
2010-04-14 16:19:17 ----D---- C:\Windows\system32\Tasks
2010-04-14 16:19:17 ----D---- C:\Windows\system32\spool
2010-04-14 16:19:17 ----D---- C:\Windows\registration
2010-04-14 16:19:17 ----D---- C:\Windows\inf
2010-04-14 16:19:17 ----D---- C:\Windows
2010-04-14 14:01:15 ----D---- C:\Windows\winsxs
2010-04-14 13:50:57 ----D---- C:\Windows\Prefetch
2010-04-14 13:50:03 ----D---- C:\Windows\system32\catroot
2010-04-14 13:49:59 ----D---- C:\Windows\system32\catroot2
2010-04-14 13:47:34 ----D---- C:\Windows\System32
2010-04-14 13:47:33 ----D---- C:\Program Files\Windows Mail
2010-04-14 13:47:24 ----D---- C:\Program Files\Google
2010-04-14 13:45:57 ----SHD---- C:\Windows\Installer
2010-04-14 13:45:49 ----D---- C:\ProgramData\Microsoft Help
2010-04-14 13:39:09 ----SHD---- C:\System Volume Information
2010-04-14 13:28:59 ----D---- C:\Program Files\Java
2010-04-14 13:25:20 ----D---- C:\ProgramData\Google
2010-04-13 10:51:53 ----D---- C:\Program Files\Common Files
2010-04-12 09:29:43 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-12 09:28:31 ----RSD---- C:\Windows\assembly
2010-04-12 09:28:25 ----D---- C:\Program Files\Hewlett-Packard
2010-04-11 20:35:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-11 20:33:46 ----D---- C:\Users\Owner\AppData\Roaming\U3
2010-04-10 09:41:20 ----D---- C:\ProgramData\WildTangent
2010-04-09 17:08:58 ----D---- C:\Windows\system32\setup
2010-04-09 16:40:20 ----D---- C:\ProgramData\NVIDIA
2010-04-09 14:27:33 ----A---- C:\Windows\ntbtlog.txt
2010-04-07 22:42:58 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2010-04-07 22:42:58 ----D---- C:\ProgramData\Flood Light Games
2010-04-07 22:28:59 ----D---- C:\Program Files\HP Games
2010-04-06 13:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-04 02:16:44 ----D---- C:\Users\Owner\AppData\Roaming\Opera
2010-04-03 21:31:04 ----D---- C:\Program Files\Opera
2010-04-03 01:15:57 ----SD---- C:\Windows\Downloaded Program Files
2010-04-03 01:15:54 ----D---- C:\Windows\system32\Msdtc
2010-04-03 01:15:54 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-03 01:15:53 ----D---- C:\Windows\Minidump
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Thunderbird
2010-04-03 01:15:49 ----D---- C:\Users\Owner\AppData\Roaming\Restorer
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\Chessmaster Challenge
2010-04-03 01:15:46 ----D---- C:\Users\Owner\AppData\Roaming\BloodTies
2010-04-02 20:45:16 ----D---- C:\Windows\pss
2010-04-02 19:06:57 ----D---- C:\Program Files\Hardwood Spades
2010-04-01 12:11:23 ----D---- C:\Program Files\Common Files\Java
2010-04-01 12:00:10 ----D---- C:\Windows\system32\LogFiles
2010-03-31 03:12:22 ----D---- C:\Windows\system32\migration
2010-03-31 03:12:22 ----D---- C:\Program Files\Internet Explorer
2010-03-20 20:36:22 ----D---- C:\ProgramData\PlayFirst
2010-03-17 19:49:47 ----D---- C:\ProgramData\Adobe
2010-03-17 19:49:47 ----D---- C:\Program Files\Common Files\Adobe
2010-03-16 17:35:49 ----D---- C:\Windows\system32\WDI
2010-03-16 11:58:27 ----A---- C:\Windows\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2008-06-11 53752]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2009-09-12 146448]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-12 89872]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2005-07-28 685056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-04-09 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-04-09 26424]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-09-12 158224]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2009-09-12 283152]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2009-12-04 230928]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2009-12-04 1322680]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\Windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture; C:\Windows\system32\drivers\HCW85BDA.sys [2007-06-11 968064]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-25 2015192]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 prmvmouse;Promethean HID Mouse Service; C:\Windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-09-12 59920]
R3 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-09-12 50704]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VWan2k;BroadJump PPPoE Adapter; C:\Windows\system32\DRIVERS\VWan2k.SYS [2003-05-10 29228]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 VProt2k;BroadJump PPPoE Helper Protocol; C:\Windows\system32\DRIVERS\VProt2k.SYS []
S3 APL531;OVT Scanner; C:\Windows\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-09-23 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-09-23 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 VCR2PC;VCR2PC Analog Capture; C:\Windows\system32\DRIVERS\0140_ION.sys [2008-05-08 277888]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2007-04-25 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-06-11 87344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-09 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-01-26 715368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-12 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-09-12 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-12 689416]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-03 246520]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------