Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help! Frequent BSOD

by mj0lnir » October 28th, 2008, 12:44 am

Hello,
I accidentally clicked on a red link (deemed dangerous by McAfee Site Advisor) and I have been getting BSODs ever since. I have had a total of 3 today. As I was doing a virus scan in safe mode, the error occurred again. Anyways, here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:19 PM, on 10/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7178 bytes
mj0lnir
Regular Member
 
Posts: 15
Joined: September 5th, 2008, 2:43 pm

Re: Help! Frequent BSOD

by Katana » October 31st, 2008, 7:45 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

There doesn't appear to be any malware present, please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Help! Frequent BSOD

by mj0lnir » November 1st, 2008, 11:33 am

Thank you for your response. Please note that I have replaced my name/username with x's for privacy. The following is the log.txt file:

Logfile of random's system information tool 1.04 (written by random/random)
Run by xxxx at 2008-11-01 08:27:46
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 153 GB (67%) free of 228 GB
Total RAM: 3068 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:49 AM, on 11/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\xxxx\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\xxxx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7286 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-01 554288]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-07-16 25264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-07-16 434864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-23 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-06-27 442467]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-01 08:27:46 ----D---- C:\rsit
2008-10-29 08:57:34 ----A---- C:\Windows\system32\win32spl.dll
2008-10-29 08:57:30 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 08:57:30 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-27 22:48:46 ----D---- C:\ProgramData\WindowsSearch
2008-10-27 22:31:50 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-27 22:30:56 ----D---- C:\Program Files\Common Files\Adobe
2008-10-27 22:25:15 ----D---- C:\Program Files\Adobe
2008-10-27 22:16:13 ----D---- C:\ProgramData\NOS
2008-10-27 22:16:13 ----D---- C:\Program Files\NOS
2008-10-27 21:48:06 ----D---- C:\Users\xxxx\AppData\Roaming\Malwarebytes
2008-10-27 21:48:02 ----D---- C:\ProgramData\Malwarebytes
2008-10-27 21:44:12 ----D---- C:\Program Files\Trend Micro
2008-10-27 11:58:15 ----D---- C:\Windows\Minidump
2008-10-26 10:22:22 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-25 09:17:03 ----D---- C:\Program Files\Kaspersky Lab
2008-10-25 09:17:01 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-24 07:42:00 ----A---- C:\Windows\system32\netapi32.dll
2008-10-23 23:00:58 ----D---- C:\Users\xxxx\AppData\Roaming\vlc
2008-10-23 22:24:49 ----D---- C:\Users\xxxx\AppData\Roaming\wsInspector
2008-10-23 22:21:10 ----D---- C:\Program Files\Startup Inspector for Windows
2008-10-21 17:25:11 ----D---- C:\ProgramData\LightScribe
2008-10-20 20:03:51 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-10-19 21:14:51 ----D---- C:\Users\xxxx\AppData\Roaming\Toribash
2008-10-19 21:14:40 ----D---- C:\Games
2008-10-19 12:12:28 ----D---- C:\Program Files\VideoLAN
2008-10-16 22:30:46 ----D---- C:\Program Files\Common Files\LightScribe
2008-10-16 18:12:27 ----D---- C:\Users\xxxx\AppData\Roaming\PeerNetworking
2008-10-15 09:15:23 ----A---- C:\Windows\system32\mshtml.dll
2008-10-15 09:15:22 ----A---- C:\Windows\system32\ieframe.dll
2008-10-15 09:15:20 ----A---- C:\Windows\system32\urlmon.dll
2008-10-15 09:15:19 ----A---- C:\Windows\system32\wininet.dll
2008-10-15 09:15:19 ----A---- C:\Windows\system32\mstime.dll
2008-10-15 09:15:19 ----A---- C:\Windows\system32\iertutil.dll
2008-10-15 09:15:14 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-15 09:15:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-15 09:15:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 09:15:05 ----A---- C:\Windows\system32\EncDec.dll
2008-10-15 09:14:59 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-14 18:12:24 ----D---- C:\Users\xxxx\AppData\Roaming\Lexmark Productivity Studio
2008-10-14 08:45:51 ----D---- C:\Users\xxxx\AppData\Roaming\CyberLink
2008-10-14 08:41:09 ----SHD---- C:\Config.Msi
2008-10-13 23:50:30 ----D---- C:\ProgramData\Lx_cats
2008-10-13 23:47:08 ----D---- C:\logs
2008-10-13 23:43:18 ----A---- C:\Windows\system32\gdiplus.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiutil.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiusb1.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiserv.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiinst.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiinpa.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdiiesc.dll
2008-10-13 23:43:03 ----A---- C:\Windows\system32\lxdihcp.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdiprox.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdipplc.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdipmui.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdilmpm.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdijswr.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdiinsr.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdiinsb.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdiins.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdiih.exe
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdihbn3.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdigrd.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdigf.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicur.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicub.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicu.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicoms.exe
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicomm.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicomc.dll
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicfg.exe
2008-10-13 23:43:02 ----A---- C:\Windows\system32\lxdicfg.dll
2008-10-13 23:42:57 ----D---- C:\Program Files\Lexmark 3500-4500 Series
2008-10-13 23:42:18 ----D---- C:\lexmark
2008-10-13 23:28:37 ----D---- C:\Program Files\Paint.NET
2008-10-13 18:52:59 ----A---- C:\Windows\system32\javaws.exe
2008-10-13 18:52:58 ----A---- C:\Windows\system32\javaw.exe
2008-10-13 18:52:58 ----A---- C:\Windows\system32\java.exe
2008-10-13 18:52:36 ----D---- C:\Program Files\Java
2008-10-13 18:50:13 ----D---- C:\Program Files\Common Files\Java
2008-10-13 18:30:44 ----A---- C:\Windows\War3Unin.exe
2008-10-13 18:28:36 ----D---- C:\Users\xxxx\AppData\Roaming\acccore
2008-10-13 18:26:28 ----D---- C:\Program Files\Warcraft III
2008-10-13 18:23:29 ----A---- C:\Windows\ODBC.INI
2008-10-13 18:23:28 ----A---- C:\Windows\system32\mdimon.dll
2008-10-13 18:22:33 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-13 18:22:29 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-13 18:21:08 ----D---- C:\Windows\PCHEALTH
2008-10-13 18:21:08 ----D---- C:\Program Files\Microsoft.NET
2008-10-13 18:19:16 ----RHD---- C:\MSOCache
2008-10-13 17:35:10 ----D---- C:\Program Files\CCleaner
2008-10-13 13:01:16 ----D---- C:\Program Files\Common Files\Steam
2008-10-13 13:01:15 ----D---- C:\Program Files\Steam
2008-10-13 12:59:12 ----D---- C:\Users\xxxx\AppData\Roaming\SiteAdvisor
2008-10-13 12:59:12 ----D---- C:\ProgramData\SiteAdvisor
2008-10-13 12:57:30 ----D---- C:\Users\xxxx\AppData\Roaming\Mozilla
2008-10-13 12:57:23 ----D---- C:\Program Files\Mozilla Firefox
2008-10-13 12:54:19 ----D---- C:\Users\xxxx\AppData\Roaming\Macromedia
2008-10-13 12:45:33 ----A---- C:\Windows\system32\tzres.dll
2008-10-13 12:44:33 ----A---- C:\Windows\system32\msshooks.dll
2008-10-13 12:44:33 ----A---- C:\Windows\system32\msscb.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\srchadmin.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-13 12:44:30 ----A---- C:\Windows\system32\propsys.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\propdefs.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\msstrc.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\msshsq.dll
2008-10-13 12:44:30 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\wsepno.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\tquery.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-13 12:44:29 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-13 12:44:29 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\offfilt.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\mssvp.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\mssrch.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\mssph.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-13 12:44:29 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-13 12:42:19 ----D---- C:\Program Files\MSXML 4.0
2008-10-13 12:39:54 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-13 12:39:52 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-13 12:39:41 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-13 12:36:00 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-13 12:35:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-13 12:35:04 ----A---- C:\Windows\system32\shell32.dll
2008-10-13 12:34:19 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-13 12:34:16 ----A---- C:\Windows\system32\emdmgmt.dll
2008-10-13 12:34:16 ----A---- C:\Windows\system32\dataclen.dll
2008-10-13 12:34:16 ----A---- C:\Windows\system32\cdd.dll
2008-10-13 12:34:14 ----A---- C:\Windows\system32\quartz.dll
2008-10-13 12:34:10 ----A---- C:\Windows\system32\wshext.dll
2008-10-13 12:34:10 ----A---- C:\Windows\system32\wscript.exe
2008-10-13 12:34:10 ----A---- C:\Windows\system32\vbscript.dll
2008-10-13 12:34:10 ----A---- C:\Windows\system32\jscript.dll
2008-10-13 12:34:09 ----A---- C:\Windows\system32\scrrun.dll
2008-10-13 12:34:09 ----A---- C:\Windows\system32\scrobj.dll
2008-10-13 12:34:09 ----A---- C:\Windows\system32\cscript.exe
2008-10-13 12:34:07 ----A---- C:\Windows\system32\es.dll
2008-10-13 12:34:04 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-13 12:34:03 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-13 12:33:56 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-13 12:33:54 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-13 12:33:22 ----D---- C:\Users\xxxx\AppData\Roaming\Adobe
2008-10-13 10:22:31 ----D---- C:\Temp
2008-10-13 10:18:14 ----D---- C:\ProgramData\McAfee
2008-10-13 10:12:45 ----D---- C:\Users\xxxx\AppData\Roaming\Hewlett-Packard
2008-10-13 10:12:28 ----D---- C:\Users\xxxx\AppData\Roaming\Symantec
2008-10-13 10:11:57 ----D---- C:\Users\xxxx\AppData\Roaming\Identities
2008-10-13 10:06:12 ----D---- C:\Users\xxxx\AppData\Roaming\HP TCS
2008-10-13 10:05:38 ----D---- C:\ProgramData\Viewpoint
2008-10-13 10:05:27 ----D---- C:\ProgramData\AOL OCP
2008-10-13 10:05:27 ----D---- C:\ProgramData\AOL
2008-10-13 10:05:13 ----D---- C:\Program Files\Common Files\AOL
2008-10-13 10:05:12 ----D---- C:\Program Files\AIM6
2008-10-13 10:02:57 ----SD---- C:\Users\xxxx\AppData\Roaming\Microsoft
2008-10-13 10:02:57 ----D---- C:\Users\xxxx\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-11-01 08:27:49 ----D---- C:\Windows\Prefetch
2008-11-01 08:27:48 ----D---- C:\Windows\Temp
2008-11-01 08:26:32 ----D---- C:\Windows\System32
2008-11-01 08:26:32 ----D---- C:\Windows\inf
2008-11-01 08:26:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-31 19:36:07 ----D---- C:\Windows\system32\WDI
2008-10-31 08:22:15 ----SHD---- C:\System Volume Information
2008-10-30 17:50:49 ----D---- C:\Windows
2008-10-29 10:17:17 ----D---- C:\Windows\rescache
2008-10-29 09:51:59 ----D---- C:\Windows\winsxs
2008-10-29 08:57:26 ----D---- C:\Windows\system32\catroot
2008-10-29 08:57:07 ----D---- C:\Windows\system32\catroot2
2008-10-28 14:13:09 ----SHD---- C:\Windows\Installer
2008-10-28 08:13:37 ----D---- C:\Program Files
2008-10-27 23:13:57 ----D---- C:\Windows\system32\drivers
2008-10-27 22:48:46 ----HD---- C:\ProgramData
2008-10-27 22:31:50 ----D---- C:\Program Files\Common Files
2008-10-27 22:31:36 ----D---- C:\ProgramData\Adobe
2008-10-27 22:28:43 ----RSD---- C:\Windows\assembly
2008-10-27 22:28:20 ----RSD---- C:\Windows\Fonts
2008-10-27 22:28:09 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-22 10:55:06 ----SD---- C:\ProgramData\Microsoft
2008-10-20 20:02:18 ----D---- C:\Windows\Tasks
2008-10-18 23:20:03 ----D---- C:\Windows\Debug
2008-10-16 22:16:43 ----D---- C:\ProgramData\CyberLink
2008-10-15 09:31:05 ----D---- C:\Windows\Microsoft.NET
2008-10-15 09:25:13 ----D---- C:\Windows\system32\LogFiles
2008-10-15 09:18:49 ----D---- C:\Windows\ehome
2008-10-15 09:18:47 ----D---- C:\Program Files\Windows Mail
2008-10-15 09:18:44 ----D---- C:\Windows\system32\migration
2008-10-14 20:33:17 ----D---- C:\Windows\Logs
2008-10-14 09:27:32 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-14 09:26:15 ----D---- C:\Program Files\Hewlett-Packard
2008-10-14 08:38:12 ----D---- C:\ProgramData\HP
2008-10-13 23:44:05 ----D---- C:\Windows\twain_32
2008-10-13 23:32:18 ----D---- C:\Program Files\Microsoft Works
2008-10-13 19:28:00 ----D---- C:\ProgramData\WildTangent
2008-10-13 18:22:37 ----D---- C:\Windows\ShellNew
2008-10-13 18:22:19 ----D---- C:\Program Files\Microsoft Office
2008-10-13 18:19:22 ----D---- C:\Windows\system
2008-10-13 18:08:04 ----D---- C:\ProgramData\Microsoft Help
2008-10-13 18:04:31 ----D---- C:\Program Files\CyberLink
2008-10-13 16:58:46 ----D---- C:\Windows\panther
2008-10-13 12:48:10 ----D---- C:\Windows\AppPatch
2008-10-13 12:48:06 ----D---- C:\Windows\system32\en-US
2008-10-13 12:48:05 ----D---- C:\Windows\PolicyDefinitions
2008-10-13 12:42:42 ----D---- C:\Windows\SoftwareDistribution
2008-10-13 12:24:48 ----D---- C:\Windows\system32\NDF
2008-10-13 12:16:01 ----D---- C:\Windows\system32\Tasks
2008-10-13 12:11:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-13 12:10:24 ----D---- C:\ProgramData\Symantec
2008-10-13 11:59:09 ----D---- C:\Windows\SMINST
2008-10-13 10:12:08 ----SHD---- C:\$RECYCLE.BIN
2008-10-13 10:06:10 ----RD---- C:\Program Files\Online Services
2008-10-13 10:06:10 ----HD---- C:\HP
2008-10-13 10:05:29 ----SD---- C:\Windows\Downloaded Program Files
2008-10-13 10:05:02 ----D---- C:\Program Files\Windows Sidebar
2008-10-13 10:04:36 ----HD---- C:\System.sav
2008-10-13 10:04:36 ----D---- C:\Windows\system32\restore
2008-10-13 10:04:36 ----D---- C:\SwSetup
2008-10-13 10:02:57 ----RD---- C:\Users
2008-10-07 12:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-25 216080]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-09-11 1326584]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-22 43552]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7494976]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-06-27 380928]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-09-11 1326584]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-08-07 24880]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 lxdi_device;lxdi_device; C:\Windows\system32\lxdicoms.exe [2007-06-11 517040]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 196608]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-04-23 292232]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-04-23 112008]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [2008-06-27 221273]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-21 87288]

-----------------EOF-----------------




And the info.txt file:

info.txt logfile of random's system information tool 1.04 2008-11-01 08:27:51

======Uninstall list======

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{28C3E5E6-5ACA-408D-9A46-089C5334EC97}
HP Quick Launch Buttons 6.40 D1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
LightScribe System Software 1.14.25.1-->MsiExec.exe /X{DA9DAC64-C947-47BA-B411-8A1959B177CF}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{AAD72731-807A-4B79-AE05-9190B7002B7B}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Ship-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2400
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
AS: Windows Defender
AS: Kaspersky Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------
mj0lnir
Regular Member
 
Posts: 15
Joined: September 5th, 2008, 2:43 pm

Re: Help! Frequet BSOD

Post by Katana » November 1st, 2008, 3:06 pm

There is no obvious sign of malware, but let's make sure.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




Please post both logs in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Help! Frequet BSOD

Post by NonSuch » November 7th, 2008, 5:50 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California