
clickover.cn Google Redirect spyware


  • This topic is locked
25 replies to this topic

#1 canada_line

  • Members
  • 51 posts

Posted 04 August 2009 - 10:26 PM

Hi, I've recently read many topics about people with this problem, many of which seem to be resolved with ComboFix. I wanted to use ComboFix but I realize that I shouldn't attempt this alone. Anyways, here is the info:

Problem Description: Google redirects to random clickover.cn (created) sites and there seems to be a tracking cookie following me.

Here is the DDS log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 15:10:22.89 on 03/08/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1121 [GMT -7:00]

AV: TELUS security services Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: TELUS security services Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
FW: TELUS security services Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\TELUS\TELUS security services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Users\Regular\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\telus\telus security services\pkR.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroRebootSetup] "c:\users\hp_administrator\appdata\local\temp\nro.tmp\SetupX.exe" SC -Reboot PIINSTALLTYPE="0"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [MSxmlHpr] RUNDLL32.EXE c:\windows\temp\msxm192z.dll,w
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2006-11-2 4608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-3 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 Radialpoint Security Services;TELUS security services;c:\program files\telus\telus security services\RpsSecurityAwareR.exe [2008-12-9 97520]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

=============== Created Last 30 ================

2009-08-03 14:57 61,440 a------- c:\windows\system32\drivers\fxjuq.sys
2009-08-03 14:45 <DIR> --d----- c:\users\hp_adm~1\appdata\roaming\Malwarebytes
2009-08-03 14:44 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 14:44 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-03 14:44 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-03 14:44 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-03 14:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 12:29 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-03 12:29 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-03 12:29 <DIR> --d----- c:\users\hp_adm~1\appdata\roaming\SUPERAntiSpyware.com
2009-08-03 12:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-03 12:29 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-03 12:22 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-03 12:21 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-03 12:21 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-03 12:21 <DIR> --d----- c:\programdata\Lavasoft
2009-08-03 12:21 <DIR> --d----- c:\program files\Lavasoft
2009-08-03 09:29 268,800 a------- c:\windows\system32\es.dll
2009-08-03 09:25 223,232 a------- c:\windows\system32\WMASF.DLL
2009-08-03 09:25 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-08-03 09:25 2,048 a------- c:\windows\system32\asferror.dll
2009-08-03 09:25 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-08-03 09:25 72,704 a------- c:\windows\system32\secur32.dll
2009-08-03 09:25 25,600 a------- c:\windows\system32\amxread.dll
2009-08-03 09:25 14,848 a------- c:\windows\system32\apilogen.dll
2009-08-03 09:25 7,680 a------- c:\windows\system32\lsass.exe
2009-08-02 16:32 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-08-02 16:32 223,232 a------- c:\windows\system32\SLC.dll
2009-08-02 16:32 33,280 a------- c:\windows\system32\slwmi.dll
2009-08-02 16:32 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-08-02 16:32 351,232 a------- c:\windows\system32\SLUI.exe
2009-08-02 16:32 186,368 a------- c:\windows\system32\SLLUA.exe
2009-08-02 16:32 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-08-02 16:32 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-08-02 16:32 39,936 a------- c:\windows\system32\slcinst.dll
2009-08-02 16:31 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-08-02 16:31 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-08-02 16:31 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-08-02 16:28 220,160 a------- c:\windows\system32\ntprint.dll
2009-08-02 16:27 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-08-02 16:27 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-08-02 16:27 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-08-02 16:27 269,824 a------- c:\windows\system32\schannel.dll
2009-08-01 19:33 <DIR> --d----- c:\programdata\LightScribe
2009-08-01 19:33 <DIR> --d----- c:\progra~2\LightScribe
2009-08-01 19:29 248,448 a------- c:\windows\system32\PROUnstl.exe
2009-08-01 19:28 118 a------- c:\windows\system32\MRT.INI
2009-08-01 19:27 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-01 19:17 207,887,830 a------- c:\windows\MEMORY.DMP
2009-08-01 18:41 4,767 a------- c:\windows\Irremote.ini
2009-08-01 18:27 <DIR> --d----- c:\program files\Nero
2009-08-01 18:26 <DIR> --d----- c:\programdata\Nero
2009-08-01 18:26 <DIR> --d----- c:\progra~2\Nero
2009-08-01 18:25 1,315,328 a------- c:\windows\system32\ole32.dll
2009-08-01 10:52 61,440 a------- c:\windows\system32\winipsec.dll
2009-08-01 10:52 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-08-01 10:52 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-08-01 10:52 272,896 a------- c:\windows\system32\polstore.dll
2009-08-01 10:50 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-08-01 10:50 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-08-01 10:50 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-08-01 10:48 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-08-01 10:48 428,032 a------- c:\windows\system32\EncDec.dll
2009-08-01 10:48 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-08-01 10:48 292,352 a------- c:\windows\system32\psisdecd.dll
2009-08-01 10:48 217,088 a------- c:\windows\system32\psisrndr.ax
2009-08-01 10:48 80,896 a------- c:\windows\system32\MSNP.ax
2009-08-01 10:48 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-08-01 10:48 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-08-01 10:46 205,824 a------- c:\windows\system32\msoeacct.dll
2009-08-01 10:46 87,040 a------- c:\windows\system32\msoert2.dll
2009-08-01 10:46 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-08-01 10:44 194,560 a------- c:\windows\system32\WebClnt.dll
2009-08-01 10:44 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-08-01 10:43 2,028,032 a------- c:\windows\system32\win32k.sys
2009-08-01 10:42 156,160 a------- c:\windows\system32\t2embed.dll
2009-08-01 10:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-01 10:42 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-01 10:42 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-01 10:42 24,064 a------- c:\windows\system32\lpk.dll
2009-08-01 10:42 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-01 10:40 49,664 a------- c:\windows\system32\csrsrv.dll
2009-08-01 10:40 376,320 a------- c:\windows\system32\winsrv.dll
2009-08-01 10:37 376,832 a------- c:\windows\system32\winhttp.dll
2009-08-01 10:36 297,472 a------- c:\windows\system32\gdi32.dll
2009-08-01 10:35 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-08-01 10:35 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-08-01 10:34 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-01 10:33 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-08-01 10:32 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-08-01 10:32 30,208 a------- c:\windows\system32\xolehlp.dll
2009-08-01 10:31 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-01 10:31 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-01 10:31 1,687,040 a------- c:\windows\system32\gameux.dll
2009-08-01 10:29 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-08-01 10:28 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-08-01 10:28 2,048 a------- c:\windows\system32\msxml3r.dll
2009-08-01 10:27 414,208 a------- c:\windows\system32\msscp.dll
2009-08-01 10:26 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-08-01 10:25 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-08-01 10:25 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-08-01 10:25 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-08-01 10:25 86,016 a------- c:\windows\system32\icfupgd.dll
2009-08-01 10:25 61,952 a------- c:\windows\system32\cmifw.dll
2009-08-01 10:25 16,896 a------- c:\windows\system32\wfapigp.dll
2009-08-01 10:25 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-08-01 10:25 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-08-01 10:25 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-08-01 10:21 2,048 a------- c:\windows\system32\tzres.dll
2009-08-01 10:19 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-08-01 10:19 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-01 10:19 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-01 10:19 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-01 10:15 696,832 a------- c:\windows\system32\localspl.dll
2009-08-01 10:10 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-08-01 10:10 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-08-01 10:10 109,624 a------- c:\windows\system32\drivers\ataport.sys
2009-08-01 10:10 17,464 a------- c:\windows\system32\drivers\intelide.sys
2009-08-01 10:10 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-08-01 10:10 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-08-01 10:08 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-08-01 10:07 2,923,520 a------- c:\windows\explorer.exe
2009-08-01 10:05 192,000 a------- c:\windows\system32\drivers\usbhub.sys
2009-08-01 10:05 8,704 a------- c:\windows\system32\hccoin.dll
2009-08-01 10:05 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-08-01 10:05 224,768 a------- c:\windows\system32\drivers\usbport.sys
2009-08-01 10:05 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-08-01 10:05 23,040 a------- c:\windows\system32\drivers\usbuhci.sys
2009-08-01 10:05 8,704 a------- c:\windows\system32\hcrstco.dll
2009-08-01 10:05 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
2009-08-01 10:03 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-08-01 10:03 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-01 10:03 24,064 a------- c:\windows\system32\netcfg.exe
2009-08-01 10:03 22,016 a------- c:\windows\system32\netiougc.exe
2009-08-01 10:03 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-01 09:51 441,856 a------- c:\windows\system32\win32spl.dll
2009-08-01 09:51 37,376 a------- c:\windows\system32\printcom.dll
2009-08-01 09:49 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-08-01 09:43 458,752 -------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-01 09:43 327,680 -------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-01 09:43 23,592,960 -------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-01 09:38 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-01 09:38 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-01 09:38 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-01 09:38 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-01 09:38 83,968 a------- c:\windows\system32\mscories.dll
2009-08-01 09:32 <DIR> --d----- C:\DVDVOLUME
2009-08-01 09:31 <DIR> --d----- c:\programdata\SlySoft
2009-08-01 09:26 2,855,424 a------- c:\windows\system32\mf.dll
2009-08-01 09:26 98,816 a------- c:\windows\system32\mfps.dll
2009-08-01 09:26 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-08-01 09:26 24,576 a------- c:\windows\system32\mfpmp.exe
2009-08-01 09:26 2,048 a------- c:\windows\system32\mferror.dll
2009-08-01 09:25 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-08-01 09:25 94,720 a------- c:\windows\system32\logagent.exe
2009-08-01 09:25 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-08-01 09:25 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-08-01 09:25 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-08-01 09:25 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-08-01 09:25 737,792 a------- c:\windows\system32\inetcomm.dll
2009-08-01 09:25 84,480 a------- c:\windows\system32\INETRES.dll
2009-08-01 09:25 1,645,568 a------- c:\windows\system32\connect.dll
2009-08-01 09:24 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-08-01 09:24 5,120 a------- c:\windows\system32\wmi.dll
2009-08-01 09:24 152,576 a------- c:\windows\system32\imagehlp.dll
2009-08-01 09:24 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-08-01 09:24 1,327,104 a------- c:\windows\system32\quartz.dll
2009-08-01 09:23 <DIR> --d----- c:\program files\CONEXANT
2009-08-01 09:23 974,336 a------- c:\windows\system32\crypt32.dll
2009-08-01 09:23 99,840 a------- c:\windows\system32\poqexec.exe
2009-08-01 09:23 633,856 a------- c:\windows\system32\user32.dll
2009-08-01 09:23 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-08-01 09:23 2,048 a------- c:\windows\system32\msxml6r.dll
2009-08-01 09:22 750,080 a------- c:\windows\system32\qmgr.dll
2009-07-31 20:32 <DIR> --d----- C:\Intel
2009-07-31 20:31 385,024 a------- c:\windows\system32\igxpun.exe
2009-07-31 20:31 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-07-31 20:31 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-07-31 20:31 <DIR> --d----- c:\windows\system32\x64
2009-07-31 20:14 <DIR> --d----- c:\programdata\Messenger Plus!
2009-07-31 20:14 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-07-31 20:14 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-07-31 19:44 <DIR> --d----- c:\programdata\DVD Shrink
2009-07-31 19:44 <DIR> --d----- c:\program files\DVD Shrink
2009-07-31 18:09 49,152 a------- c:\windows\system32\ChCfg.exe
2009-07-31 18:09 1,766,912 a------- c:\windows\system32\RtkAPO.dll
2009-07-31 18:09 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-31 18:06 319,984 a------- c:\windows\DIFxAPI.dll
2009-07-31 18:06 1,647,976 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-07-31 18:06 1,183,744 a------- c:\windows\RtlUpd.exe
2009-07-31 18:06 532,480 a------- c:\windows\system32\RTSndMgr.Cpl
2009-07-31 18:06 284,160 a------- c:\windows\system32\RtkPgExt.dll
2009-07-31 18:06 3,784,704 a------- c:\windows\RtHDVCpl.exe
2009-07-31 18:06 <DIR> --d----- c:\program files\Realtek
2009-07-31 18:06 499,712 a------- c:\windows\RtlExUpd.dll
2009-07-31 17:45 31,644,960 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-07-31 17:45 422,180 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-31 17:40 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-07-31 17:39 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-07-31 17:39 <DIR> --d----- c:\programdata\Raxco
2009-07-31 17:39 <DIR> --d----- c:\program files\Raxco
2009-07-31 17:37 <DIR> --d----- c:\users\hp_adm~1\appdata\roaming\TELUS
2009-07-31 17:37 <DIR> --d----- c:\programdata\TELUS
2009-07-31 17:37 <DIR> --d----- c:\program files\TELUS
2009-07-31 17:37 <DIR> --d----- c:\progra~2\TELUS
2009-07-31 17:36 <DIR> --d----- c:\users\hp_administrator\Tracing
2009-07-31 17:35 <DIR> --d----- c:\program files\Microsoft
2009-07-31 17:35 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-31 17:35 <DIR> --d----- c:\windows\PCHEALTH
2009-07-31 17:34 <DIR> --dsh--- c:\windows\Installer
2009-07-31 17:31 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-31 17:20 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-31 17:20 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-31 17:20 <DIR> --d----- c:\windows\Panther
2009-07-31 17:20 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-31 17:20 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-31 17:12 <DIR> --d----- C:\Windows.old
2009-07-31 16:37 <DIR> --d----- c:\users\HP_Administrator
2009-07-31 16:27 423 a--shr-- C:\Boot.ini.saved
2009-07-31 16:10 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-07-31 16:10 438,840 a--shr-- C:\bootmgr
2009-07-31 16:10 <DIR> --dsh--- C:\Boot
2009-07-31 12:50 <DIR> --dshr-- C:\cmdcons

==================== Find3M ====================

2009-08-03 14:57 404 a------- c:\program files\nodpg.txt
2009-08-03 09:34 51,200 a------- c:\windows\inf\infpub.dat
2009-08-03 09:33 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-03 09:33 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-03 09:33 86,016 a------- c:\windows\inf\infstor.dat
2009-08-03 09:25 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-08-02 16:30 72,704 a------- c:\windows\system32\admparse.dll
2009-08-02 16:30 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-08-02 16:30 827,392 a------- c:\windows\system32\wininet.dll
2009-08-02 16:30 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-02 16:30 48,128 a------- c:\windows\system32\mshtmler.dll
2009-08-02 16:30 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-02 16:30 56,320 a------- c:\windows\system32\iesetup.dll
2009-08-01 11:07 174 a--sh--- c:\program files\desktop.ini
2009-08-01 10:45 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-08-01 10:45 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-08-01 10:45 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-08-01 10:45 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-08-01 10:45 542,720 a------- c:\windows\system32\sysmain.dll
2009-08-01 10:45 502,784 a------- c:\windows\system32\wlansvc.dll
2009-08-01 10:45 297,984 a------- c:\windows\system32\wlansec.dll
2009-08-01 10:45 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-08-01 10:45 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-08-01 10:45 47,104 a------- c:\windows\system32\wlanapi.dll
2009-08-01 10:31 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-08-01 10:31 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-08-01 10:31 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-01 10:31 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-08-01 10:31 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-25 05:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:13:11.52 ===============


By the way, I know for a fact that my computer can't run the GMER scan because I've tried it before and many errors occur.



#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts

Posted 14 August 2009 - 02:04 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 canada_line

  • Topic Starter

Posted 14 August 2009 - 05:02 PM

Hello, sorry about this but as I will be busy for the next few days, I may not be able to respond. If I find the time, I will do what you have asked me to do ASAP. But otherwise, please allow me 6-7 days time to get back to you. However, please don't close this thread yet. I apologize for this inconvenience.

Edited by canada_line, 14 August 2009 - 05:03 PM.


#4 suebaby41


Posted 15 August 2009 - 11:17 AM

Will keep the thread open. Thanks for letting me know.

#5 canada_line

  • Topic Starter

Posted 18 August 2009 - 06:05 PM

Would not being able to install Shockwave have anything to do with my current problem? Anyways, here is log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-18 15:59:47
Microsoft® Windows Vista™ Home Premium
System drive C: has 234 GB (85%) free of 277 GB
Total RAM: 2038 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:55 PM, on 18/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Regular\Downloads\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroRebootSetup] "C:\Users\HP_Administrator\AppData\Local\Temp\nro.tmp\SetupX.exe" SC -Reboot PIINSTALLTYPE="0"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4159486086-894115154-3748162312-1001\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User 'Regular')
O4 - HKUS\S-1-5-18\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
O23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5579 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\TELUS\TELUS security services\pkR.dll [2008-12-09 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-08-01 1006264]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2008-09-18 3228912]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"NeroRebootSetup"=C:\Users\HP_Administrator\AppData\Local\Temp\nro.tmp\SetupX.exe SC -Reboot PIINSTALLTYPE=0 []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-12 520024]
"MRT"=C:\Windows\system32\MRT.exe [2009-07-29 24281536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2006-11-02 216064]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-08-03 1295632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-05-18 2363392]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-15 18:41:55 ----D---- C:\rsit
2009-08-15 18:41:55 ----D---- C:\Program Files\trend micro
2009-08-12 08:51:42 ----A---- C:\Windows\system32\atl.dll
2009-08-12 08:51:40 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 08:51:36 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 08:51:35 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-12 08:51:35 ----A---- C:\Windows\system32\aaclient.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msvidc32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msvfw32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msrle32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\mciavi32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\avicap32.dll
2009-08-12 08:51:26 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 08:51:24 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 08:51:23 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 08:51:21 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 08:51:20 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-04 21:56:06 ----D---- C:\Windows\system32\Adobe
2009-08-03 20:21:42 ----A---- C:\Windows\ntbtlog.txt
2009-08-03 20:15:28 ----D---- C:\RootRepeal
2009-08-03 15:28:39 ----D---- C:\Avenger
2009-08-03 15:28:39 ----A---- C:\avenger.txt
2009-08-03 14:45:46 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Malwarebytes
2009-08-03 14:44:34 ----D---- C:\ProgramData\Malwarebytes
2009-08-03 14:44:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 12:29:36 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-08-03 12:29:20 ----D---- C:\Users\HP_Administrator\AppData\Roaming\SUPERAntiSpyware.com
2009-08-03 12:29:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-03 12:29:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-03 12:22:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-03 12:21:37 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-03 12:21:34 ----D---- C:\ProgramData\Lavasoft
2009-08-03 12:21:34 ----D---- C:\Program Files\Lavasoft
2009-08-03 09:29:24 ----A---- C:\Windows\system32\es.dll
2009-08-03 09:28:51 ----A---- C:\Windows\system32\setupapi.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\wpd_ci.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\winresume.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\winload.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srdelayed.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srcore.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srclient.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\rstrui.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\kd1394.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\drvinst.exe
2009-08-03 09:28:28 ----A---- C:\Windows\system32\ci.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\unlodctr.exe
2009-08-03 09:28:27 ----A---- C:\Windows\system32\prflbmsg.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\oleaut32.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\lodctr.exe
2009-08-03 09:28:27 ----A---- C:\Windows\system32\loadperf.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\kbd106n.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\dpx.dll
2009-08-03 09:28:26 ----A---- C:\Windows\system32\schedsvc.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\dispci.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\batt.dll
2009-08-03 09:25:50 ----A---- C:\Windows\system32\WMASF.DLL
2009-08-03 09:25:50 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-08-03 09:25:50 ----A---- C:\Windows\system32\asferror.dll
2009-08-03 09:25:29 ----A---- C:\Windows\system32\kernel32.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\secur32.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\lsass.exe
2009-08-03 09:25:28 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\apilogen.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\amxread.dll
2009-08-02 16:33:58 ----A---- C:\Windows\system32\rpcss.dll
2009-08-02 16:33:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-02 16:33:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-02 16:33:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-02 16:33:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-02 16:33:53 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-02 16:33:53 ----A---- C:\Windows\system32\iasads.dll
2009-08-02 16:33:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-02 16:33:52 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\slwmi.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\SLC.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\mcbuilder.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLUINotify.dll
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLUI.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLLUA.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-08-02 16:32:16 ----A---- C:\Windows\system32\SLsvc.exe
2009-08-02 16:32:16 ----A---- C:\Windows\system32\slcinst.dll
2009-08-02 16:31:31 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-02 16:31:31 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-02 16:31:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-02 16:30:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-02 16:30:23 ----A---- C:\Windows\system32\advpack.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieapfltr.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieakui.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\admparse.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\wininet.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\dxtrans.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\dxtmsft.dll
2009-08-02 16:30:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-02 16:30:19 ----A---- C:\Windows\system32\ieui.dll
2009-08-02 16:30:19 ----A---- C:\Windows\system32\ieframe.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\mshtmler.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\mshtmled.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\ieencode.dll
2009-08-02 16:30:16 ----A---- C:\Windows\system32\mshtml.dll
2009-08-02 16:30:14 ----A---- C:\Windows\system32\mstime.dll
2009-08-02 16:30:14 ----A---- C:\Windows\system32\icardie.dll
2009-08-02 16:30:12 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-02 16:30:11 ----A---- C:\Windows\system32\urlmon.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\pngfilt.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\occache.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\iertutil.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\iesetup.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\iernonce.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-08-02 16:28:56 ----A---- C:\Windows\system32\ntprint.exe
2009-08-02 16:28:56 ----A---- C:\Windows\system32\ntprint.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\authui.dll
2009-08-02 16:28:52 ----A---- C:\Windows\system32\sendmail.dll
2009-08-02 16:28:25 ----A---- C:\Windows\system32\wshrm.dll
2009-08-02 16:28:11 ----A---- C:\Windows\system32\sbunattend.exe
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnsapi.dll
2009-08-02 16:27:32 ----A---- C:\Windows\system32\schannel.dll
2009-08-01 19:41:44 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Nero
2009-08-01 19:33:03 ----D---- C:\ProgramData\LightScribe
2009-08-01 19:29:05 ----A---- C:\Windows\system32\PROUnstl.exe
2009-08-01 19:28:47 ----A---- C:\Windows\system32\MRT.INI
2009-08-01 19:27:50 ----D---- C:\Program Files\MSXML 4.0
2009-08-01 19:17:58 ----D---- C:\Windows\Minidump
2009-08-01 19:13:48 ----A---- C:\Windows\system32\vsfoceebgwpyqb.dll
2009-08-01 19:13:42 ----A---- C:\Windows\system32\vsfocebyxtqnre.dll
2009-08-01 18:41:49 ----A---- C:\Windows\Irremote.ini
2009-08-01 18:27:15 ----D---- C:\Program Files\Nero
2009-08-01 18:26:41 ----D---- C:\ProgramData\Nero
2009-08-01 18:26:41 ----D---- C:\Program Files\Common Files\Nero
2009-08-01 18:25:50 ----A---- C:\Windows\system32\ole32.dll
2009-08-01 18:24:23 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-08-01 18:23:19 ----D---- C:\Program Files\Common Files\LightScribe
2009-08-01 18:22:15 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2009-08-01 18:07:27 ----D---- C:\Program Files\WinRAR
2009-08-01 10:52:47 ----A---- C:\Windows\system32\winipsec.dll
2009-08-01 10:52:47 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-08-01 10:52:46 ----A---- C:\Windows\system32\polstore.dll
2009-08-01 10:52:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-01 10:51:34 ----A---- C:\Windows\system32\riched32.dll
2009-08-01 10:51:34 ----A---- C:\Windows\system32\riched20.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rasser.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rasdiag.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rascfg.dll
2009-08-01 10:51:29 ----A---- C:\Windows\system32\rasmxs.dll
2009-08-01 10:51:29 ----A---- C:\Windows\system32\netcfgx.dll
2009-08-01 10:51:28 ----A---- C:\Windows\system32\msftedit.dll
2009-08-01 10:51:27 ----A---- C:\Windows\system32\ipnathlp.dll
2009-08-01 10:51:27 ----A---- C:\Windows\system32\icsunattend.exe
2009-08-01 10:51:26 ----A---- C:\Windows\system32\wshqos.dll
2009-08-01 10:51:25 ----A---- C:\Windows\system32\traffic.dll
2009-08-01 10:51:25 ----A---- C:\Windows\system32\pacerprf.dll
2009-08-01 10:51:23 ----A---- C:\Windows\system32\dps.dll
2009-08-01 10:51:23 ----A---- C:\Windows\system32\cdd.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-01 10:48:47 ----A---- C:\Windows\system32\mcmde.dll
2009-08-01 10:48:47 ----A---- C:\Windows\system32\EncDec.dll
2009-08-01 10:48:46 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\msoert2.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\msoeacct.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\ACCTRES.dll
2009-08-01 10:45:46 ----A---- C:\Windows\system32\wtsapi32.dll
2009-08-01 10:45:41 ----A---- C:\Windows\system32\sysmain.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlansvc.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlansec.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanhlp.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanapi.dll
2009-08-01 10:44:37 ----A---- C:\Windows\system32\WebClnt.dll
2009-08-01 10:42:47 ----A---- C:\Windows\system32\t2embed.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\lpk.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\fontsub.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\dciman32.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\atmlib.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\atmfd.dll
2009-08-01 10:40:51 ----A---- C:\Windows\system32\csrsrv.dll
2009-08-01 10:40:50 ----A---- C:\Windows\system32\winsrv.dll
2009-08-01 10:37:52 ----A---- C:\Windows\system32\winhttp.dll
2009-08-01 10:36:05 ----A---- C:\Windows\system32\gdi32.dll
2009-08-01 10:33:26 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-08-01 10:32:33 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-01 10:32:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-01 10:31:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-01 10:31:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-01 10:31:19 ----A---- C:\Windows\system32\gameux.dll
2009-08-01 10:29:46 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-01 10:28:51 ----A---- C:\Windows\system32\msxml3r.dll
2009-08-01 10:28:51 ----A---- C:\Windows\system32\msxml3.dll
2009-08-01 10:27:53 ----A---- C:\Windows\system32\msscp.dll
2009-08-01 10:26:52 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-08-01 10:25:56 ----A---- C:\Windows\system32\MPSSVC.dll
2009-08-01 10:25:56 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\wfapigp.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\icfupgd.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\cmifw.dll
2009-08-01 10:25:54 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-08-01 10:23:34 ----A---- C:\Windows\system32\netapi32.dll
2009-08-01 10:21:23 ----A---- C:\Windows\system32\tzres.dll
2009-08-01 10:16:24 ----A---- C:\Windows\system32\shell32.dll
2009-08-01 10:15:06 ----A---- C:\Windows\system32\localspl.dll
2009-08-01 10:08:35 ----A---- C:\Windows\system32\DWWIN.EXE
2009-08-01 10:07:34 ----A---- C:\Windows\explorer.exe
2009-08-01 10:05:32 ----A---- C:\Windows\system32\hccoin.dll
2009-08-01 10:05:31 ----A---- C:\Windows\system32\hcrstco.dll
2009-08-01 10:03:40 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-08-01 10:03:40 ----A---- C:\Windows\system32\netiougc.exe
2009-08-01 10:03:40 ----A---- C:\Windows\system32\netcfg.exe
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-08-01 10:02:35 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-08-01 10:02:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-08-01 10:02:34 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-08-01 10:02:34 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-08-01 10:02:33 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-08-01 10:02:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-08-01 10:02:32 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-08-01 10:02:32 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-08-01 10:02:31 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-08-01 10:02:31 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-08-01 10:02:30 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-08-01 10:02:30 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-08-01 10:02:29 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-01 10:02:29 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-01 10:02:28 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-08-01 10:02:28 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-08-01 10:02:26 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-08-01 10:02:26 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-08-01 10:02:25 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-08-01 10:02:25 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-08-01 10:02:24 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-08-01 10:02:24 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-08-01 10:02:23 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-08-01 10:02:23 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-08-01 10:02:22 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-08-01 10:02:22 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-08-01 10:02:21 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-08-01 10:02:21 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsData0046.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsData0045.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0049.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0047.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0039.dll
2009-08-01 10:02:18 ----A---- C:\Windows\system32\NlsData0021.dll
2009-08-01 10:02:18 ----A---- C:\Windows\system32\NlsData0020.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0027.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0026.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0024.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0022.dll
2009-08-01 10:02:16 ----A---- C:\Windows\system32\NlsData0011.dll
2009-08-01 10:02:16 ----A---- C:\Windows\system32\NlsData0010.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0018.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0013.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0000.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0019.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0002.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0001.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0009.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0007.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0003.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004c.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004b.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004a.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData004e.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData003e.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData002a.dll
2009-08-01 10:02:10 ----A---- C:\Windows\system32\NlsData001b.dll
2009-08-01 10:02:10 ----A---- C:\Windows\system32\NlsData001a.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData001d.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData000c.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData000a.dll
2009-08-01 10:02:08 ----A---- C:\Windows\system32\NlsData000f.dll
2009-08-01 10:02:08 ----A---- C:\Windows\system32\NlsData000d.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NlsData0416.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NlsData0414.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-01 10:02:06 ----A---- C:\Windows\system32\NlsData081a.dll
2009-08-01 10:02:06 ----A---- C:\Windows\system32\NlsData0816.dll
2009-08-01 10:02:05 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-08-01 10:02:04 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-08-01 09:51:51 ----A---- C:\Windows\system32\win32spl.dll
2009-08-01 09:51:51 ----A---- C:\Windows\system32\printcom.dll
2009-08-01 09:38:15 ----A---- C:\Windows\system32\dfshim.dll
2009-08-01 09:38:14 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-01 09:38:08 ----A---- C:\Windows\system32\mscoree.dll
2009-08-01 09:38:05 ----A---- C:\Windows\system32\mscorier.dll
2009-08-01 09:38:03 ----A---- C:\Windows\system32\mscories.dll
2009-08-01 09:31:45 ----D---- C:\ProgramData\SlySoft
2009-08-01 09:26:01 ----A---- C:\Windows\system32\rrinstaller.exe
2009-08-01 09:26:01 ----A---- C:\Windows\system32\mfps.dll
2009-08-01 09:26:01 ----A---- C:\Windows\system32\mf.dll
2009-08-01 09:26:00 ----A---- C:\Windows\system32\mfpmp.exe
2009-08-01 09:26:00 ----A---- C:\Windows\system32\mferror.dll
2009-08-01 09:25:58 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-01 09:25:58 ----A---- C:\Windows\system32\logagent.exe
2009-08-01 09:25:56 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-08-01 09:25:26 ----A---- C:\Windows\system32\INETRES.dll
2009-08-01 09:25:26 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-01 09:25:14 ----A---- C:\Windows\system32\connect.dll
2009-08-01 09:24:59 ----A---- C:\Windows\system32\wmi.dll
2009-08-01 09:24:58 ----A---- C:\Windows\system32\imagehlp.dll
2009-08-01 09:24:52 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-01 09:24:43 ----A---- C:\Windows\system32\quartz.dll
2009-08-01 09:23:57 ----D---- C:\Program Files\CONEXANT
2009-08-01 09:23:44 ----A---- C:\Windows\system32\crypt32.dll
2009-08-01 09:23:32 ----A---- C:\Windows\system32\user32.dll
2009-08-01 09:23:27 ----A---- C:\Windows\system32\msxml6r.dll
2009-08-01 09:23:27 ----A---- C:\Windows\system32\msxml6.dll
2009-08-01 09:22:31 ----A---- C:\Windows\system32\qmgr.dll
2009-07-31 20:32:28 ----D---- C:\Intel
2009-07-31 20:31:42 ----D---- C:\Windows\system32\x64
2009-07-31 20:31:42 ----A---- C:\Windows\system32\igxpun.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\oemdspif.dll
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxzoom.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxtray.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxsrvc.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxCoIn_v1114.dll
2009-07-31 20:30:12 ----A---- C:\Windows\system32\igfxsrvc.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxress.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxpph.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxpers.exe
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxext.exe
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxexps.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxdo.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxdev.dll
2009-07-31 20:30:10 ----A---- C:\Windows\system32\igfxcfg.exe
2009-07-31 20:30:10 ----A---- C:\Windows\system32\ig4icd32.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\ig4dev32.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\hkcmd.exe
2009-07-31 20:30:09 ----A---- C:\Windows\system32\hccutils.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\difxapi.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\difx32.dll
2009-07-31 20:14:27 ----D---- C:\ProgramData\Messenger Plus!
2009-07-31 20:14:23 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-31 20:10:24 ----D---- C:\Program Files\SlySoft
2009-07-31 19:44:42 ----D---- C:\ProgramData\DVD Shrink
2009-07-31 19:44:40 ----D---- C:\Program Files\DVD Shrink
2009-07-31 18:09:31 ----A---- C:\Windows\system32\ChCfg.exe
2009-07-31 18:09:30 ----A---- C:\Windows\system32\RtkAPO.dll
2009-07-31 18:09:18 ----D---- C:\Windows\system32\RTCOM
2009-07-31 18:06:48 ----A---- C:\Windows\DIFxAPI.dll
2009-07-31 18:06:46 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-07-31 18:06:46 ----A---- C:\Windows\RtlUpd.exe
2009-07-31 18:06:45 ----D---- C:\Program Files\Realtek
2009-07-31 18:06:45 ----A---- C:\Windows\RtHDVCpl.exe
2009-07-31 18:06:29 ----A---- C:\Windows\RtlExUpd.dll
2009-07-31 18:06:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-31 17:58:01 ----D---- C:\Windows\system32\Macromed
2009-07-31 17:39:18 ----D---- C:\ProgramData\Raxco
2009-07-31 17:39:18 ----D---- C:\Program Files\Raxco
2009-07-31 17:37:34 ----D---- C:\Users\HP_Administrator\AppData\Roaming\TELUS
2009-07-31 17:37:26 ----D---- C:\ProgramData\TELUS
2009-07-31 17:37:26 ----D---- C:\Program Files\TELUS
2009-07-31 17:37:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 17:35:52 ----D---- C:\Program Files\Microsoft
2009-07-31 17:35:32 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-31 17:35:14 ----D---- C:\Program Files\Windows Live
2009-07-31 17:35:00 ----D---- C:\Windows\PCHEALTH
2009-07-31 17:34:57 ----SHD---- C:\Windows\Installer
2009-07-31 17:31:18 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wups2.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wucltux.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wups.dll
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wudriver.dll
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wuapi.dll
2009-07-31 17:20:40 ----D---- C:\Windows\Panther
2009-07-31 17:20:28 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-31 17:20:28 ----A---- C:\Windows\system32\wuapp.exe
2009-07-31 17:12:57 ----D---- C:\Windows.old
2009-07-31 16:37:58 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Identities
2009-07-31 16:37:48 ----SD---- C:\Users\HP_Administrator\AppData\Roaming\Microsoft
2009-07-31 16:37:48 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Media Center Programs
2009-07-31 16:27:10 ----RASH---- C:\Boot.ini.saved
2009-07-31 16:25:28 ----D---- C:\Windows\SoftwareDistribution
2009-07-31 16:23:22 ----D---- C:\Windows\Debug
2009-07-31 16:21:33 ----D---- C:\Windows\Prefetch
2009-07-31 16:10:58 ----RAS---- C:\BOOTSECT.BAK
2009-07-31 16:10:55 ----SHD---- C:\Boot
2009-07-31 15:50:34 ----SHD---- C:\RECYCLER
2009-07-31 12:50:31 ----SH---- C:\Boot.BAK
2009-07-31 12:50:17 ----RSHD---- C:\cmdcons
2009-07-31 12:40:45 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2009-08-18 15:59:28 ----D---- C:\Windows\Temp
2009-08-18 15:55:17 ----D---- C:\Windows\System32
2009-08-18 15:55:17 ----D---- C:\Windows\inf
2009-08-18 15:55:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-18 09:50:52 ----AD---- C:\Windows
2009-08-17 18:40:14 ----D---- C:\Windows\system32\catroot2
2009-08-15 18:41:55 ----RD---- C:\Program Files
2009-08-14 09:26:37 ----D---- C:\Windows\winsxs
2009-08-14 09:26:27 ----D---- C:\Program Files\Windows Media Player
2009-08-13 12:23:07 ----D---- C:\Windows\system32\drivers
2009-08-13 12:23:07 ----D---- C:\Windows\system32\catroot
2009-08-13 12:23:03 ----D---- C:\Windows\Tasks
2009-08-13 12:23:03 ----D---- C:\Windows\system32\Tasks
2009-08-13 09:29:49 ----D---- C:\Program Files\Windows Mail
2009-08-07 16:17:57 ----D---- C:\Windows\system32\NDF
2009-08-06 19:32:39 ----SD---- C:\Windows\Downloaded Program Files
2009-08-05 09:03:18 ----D---- C:\Windows\servicing
2009-08-03 14:44:34 ----HD---- C:\ProgramData
2009-08-03 12:29:22 ----HD---- C:\Config.Msi
2009-08-03 12:29:01 ----D---- C:\Program Files\Common Files
2009-08-03 09:37:40 ----D---- C:\Windows\rescache
2009-08-03 09:34:09 ----D---- C:\Windows\system32\migration
2009-08-03 09:34:09 ----D---- C:\Windows\system32\en-US
2009-08-03 09:34:08 ----D---- C:\Windows\system32\wbem
2009-08-03 09:34:08 ----D---- C:\Windows\system32\SLUI
2009-08-03 09:34:08 ----D---- C:\Windows\system32\manifeststore
2009-08-03 09:34:08 ----D---- C:\Windows\AppPatch
2009-08-03 09:34:08 ----D---- C:\Program Files\Windows Sidebar
2009-08-03 09:34:08 ----D---- C:\Program Files\Internet Explorer
2009-08-01 18:22:26 ----D---- C:\Program Files\Common Files\microsoft shared
2009-08-01 17:14:02 ----D---- C:\Windows\system32\WDI
2009-08-01 15:07:19 ----D---- C:\Windows\Microsoft.NET
2009-08-01 15:07:06 ----RSD---- C:\Windows\assembly
2009-08-01 11:07:20 ----ASH---- C:\Program Files\desktop.ini
2009-08-01 11:02:47 ----D---- C:\Windows\system32\ras
2009-08-01 11:02:47 ----D---- C:\Windows\system32\icsxml
2009-08-01 11:02:47 ----D---- C:\Program Files\Windows Calendar
2009-08-01 11:02:43 ----D---- C:\Windows\ehome
2009-08-01 11:02:42 ----D---- C:\Program Files\Common Files\System
2009-08-01 11:02:40 ----D---- C:\Program Files\Windows Defender
2009-08-01 09:24:02 ----D---- C:\Windows\ModemLogs
2009-07-31 18:09:40 ----SHD---- C:\$Recycle.Bin
2009-07-31 17:47:11 ----RD---- C:\Users
2009-07-31 17:31:02 ----SD---- C:\ProgramData\Microsoft
2009-07-31 17:23:44 ----D---- C:\Windows\Logs
2009-07-31 17:20:15 ----D---- C:\Windows\system32\restore
2009-07-31 16:27:10 ----SH---- C:\boot.ini
2009-07-31 15:58:50 ----HD---- C:\hp
2009-07-31 15:44:08 ----D---- C:\Python22
2009-07-29 17:49:14 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-06-26 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-06-26 147984]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-13 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RP_FWS;TELUS security services Firewall; C:\Program Files\TELUS\TELUS security services\Fws.exe [2008-12-09 363248]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
R3 Radialpoint Security Services;TELUS security services; C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-12-09 97520]

-----------------EOF-----------------

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 19 August 2009 - 03:51 PM

Step A
  • Please download GooredFix, making sure that you save this file to your Desktop.
  • Double-click GooredFix.exe on your Desktop (Note: If you are using Vista, right-click GooredFix and select Run As Administrator...).
  • Select Option#1 - Find Goored (no fix), by typing 1 and pressing Enter.
  • A logfile should pop up shortly. Please post the log in your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 canada_line

canada_line
  • Topic Starter

  • Members
  • 51 posts

Posted 19 August 2009 - 10:41 PM

I wasn't able to complete step 3 as it automatically asked: GooredFix will automatically check for and remove infection. Click Yes to continue or No to exit.

The log after I pressed yes was:

GooredFix by jpshortstuff (12.07.09)
Log created at 20:41 on 19/08/2009 (HP_Administrator)
Firefox version [Unable to determine]

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 20 August 2009 - 04:46 PM

Step B
  • Close all Windows and Browsers, especially any Firefox Windows.
  • Double-click GooredFix.exe on your Desktop (Note: If you are using Vista, right-click GooredFix and select Run As Administrator...).
  • Select Option#2 - Fix Goored by typing 2 and pressing Enter.
  • At the prompt, type y and press Enter.
  • GooredFix will now remove the infection, and a new log will pop up. Please post the log in your next reply.

Please post a new HijackThis log.

#9 canada_line

canada_line
  • Topic Starter

  • Members
  • 51 posts

Posted 20 August 2009 - 08:43 PM

Err, I'm certain I don't have Firefox installed on my computer, so the GooredFix log is the same as the previously posted one.

Btw, I realize that the Google redirect problem has gone away, although I don't know how that happened.
However, I don't think I am entirely clear of viruses.

Thank you for your continued support.

My new GooredFix log:

GooredFix by jpshortstuff (12.07.09)
Log created at 18:42 on 20/08/2009 (HP_Administrator)
Firefox version [Unable to determine]

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-

My new HijackThis log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-20 18:39:15
Microsoft® Windows Vista™ Home Premium
System drive C: has 223 GB (80%) free of 277 GB
Total RAM: 2038 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:29 PM, on 20/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Regular\Downloads\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroRebootSetup] "C:\Users\HP_Administrator\AppData\Local\Temp\nro.tmp\SetupX.exe" SC -Reboot PIINSTALLTYPE="0"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4159486086-894115154-3748162312-1001\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User 'Regular')
O4 - HKUS\S-1-5-18\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
O23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5622 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\TELUS\TELUS security services\pkR.dll [2008-12-09 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-08-01 1006264]
"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2008-09-18 3228912]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"NeroRebootSetup"=C:\Users\HP_Administrator\AppData\Local\Temp\nro.tmp\SetupX.exe SC -Reboot PIINSTALLTYPE=0 []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-12 520024]
"MRT"=C:\Windows\system32\MRT.exe [2009-07-29 24281536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2006-11-02 216064]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-08-03 1295632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-05-18 2363392]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-08-20 09:45:20 ----D---- C:\DVDVOLUME
2009-08-15 18:41:55 ----D---- C:\rsit
2009-08-15 18:41:55 ----D---- C:\Program Files\trend micro
2009-08-12 08:51:42 ----A---- C:\Windows\system32\atl.dll
2009-08-12 08:51:40 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 08:51:36 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 08:51:35 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-12 08:51:35 ----A---- C:\Windows\system32\aaclient.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msvidc32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msvfw32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\msrle32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\mciavi32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 08:51:31 ----A---- C:\Windows\system32\avicap32.dll
2009-08-12 08:51:26 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 08:51:24 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 08:51:23 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 08:51:21 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 08:51:20 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-04 21:56:06 ----D---- C:\Windows\system32\Adobe
2009-08-03 20:21:42 ----A---- C:\Windows\ntbtlog.txt
2009-08-03 20:15:28 ----D---- C:\RootRepeal
2009-08-03 15:28:39 ----D---- C:\Avenger
2009-08-03 15:28:39 ----A---- C:\avenger.txt
2009-08-03 14:45:46 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Malwarebytes
2009-08-03 14:44:34 ----D---- C:\ProgramData\Malwarebytes
2009-08-03 14:44:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 12:29:36 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-08-03 12:29:20 ----D---- C:\Users\HP_Administrator\AppData\Roaming\SUPERAntiSpyware.com
2009-08-03 12:29:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-03 12:29:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-03 12:22:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-03 12:21:37 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-03 12:21:34 ----D---- C:\ProgramData\Lavasoft
2009-08-03 12:21:34 ----D---- C:\Program Files\Lavasoft
2009-08-03 09:29:24 ----A---- C:\Windows\system32\es.dll
2009-08-03 09:28:51 ----A---- C:\Windows\system32\setupapi.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\wpd_ci.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\winresume.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\winload.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srdelayed.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srcore.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\srclient.dll
2009-08-03 09:28:29 ----A---- C:\Windows\system32\rstrui.exe
2009-08-03 09:28:29 ----A---- C:\Windows\system32\kd1394.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\drvinst.exe
2009-08-03 09:28:28 ----A---- C:\Windows\system32\ci.dll
2009-08-03 09:28:28 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\unlodctr.exe
2009-08-03 09:28:27 ----A---- C:\Windows\system32\prflbmsg.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\oleaut32.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\lodctr.exe
2009-08-03 09:28:27 ----A---- C:\Windows\system32\loadperf.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\kbd106n.dll
2009-08-03 09:28:27 ----A---- C:\Windows\system32\dpx.dll
2009-08-03 09:28:26 ----A---- C:\Windows\system32\schedsvc.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\dispci.dll
2009-08-03 09:28:25 ----A---- C:\Windows\system32\batt.dll
2009-08-03 09:25:50 ----A---- C:\Windows\system32\WMASF.DLL
2009-08-03 09:25:50 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-08-03 09:25:50 ----A---- C:\Windows\system32\asferror.dll
2009-08-03 09:25:29 ----A---- C:\Windows\system32\kernel32.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\secur32.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\lsass.exe
2009-08-03 09:25:28 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\apilogen.dll
2009-08-03 09:25:28 ----A---- C:\Windows\system32\amxread.dll
2009-08-02 16:33:58 ----A---- C:\Windows\system32\rpcss.dll
2009-08-02 16:33:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-08-02 16:33:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-08-02 16:33:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-08-02 16:33:56 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-08-02 16:33:53 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-02 16:33:53 ----A---- C:\Windows\system32\iasads.dll
2009-08-02 16:33:52 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-02 16:33:52 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\slwmi.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\SLC.dll
2009-08-02 16:32:18 ----A---- C:\Windows\system32\mcbuilder.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLUINotify.dll
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLUI.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLLUA.exe
2009-08-02 16:32:17 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-08-02 16:32:16 ----A---- C:\Windows\system32\SLsvc.exe
2009-08-02 16:32:16 ----A---- C:\Windows\system32\slcinst.dll
2009-08-02 16:31:31 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-02 16:31:31 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-02 16:31:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-02 16:30:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-02 16:30:23 ----A---- C:\Windows\system32\advpack.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieapfltr.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieakui.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-02 16:30:22 ----A---- C:\Windows\system32\admparse.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\wininet.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\dxtrans.dll
2009-08-02 16:30:21 ----A---- C:\Windows\system32\dxtmsft.dll
2009-08-02 16:30:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-02 16:30:19 ----A---- C:\Windows\system32\ieui.dll
2009-08-02 16:30:19 ----A---- C:\Windows\system32\ieframe.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\mshtmler.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\mshtmled.dll
2009-08-02 16:30:17 ----A---- C:\Windows\system32\ieencode.dll
2009-08-02 16:30:16 ----A---- C:\Windows\system32\mshtml.dll
2009-08-02 16:30:14 ----A---- C:\Windows\system32\mstime.dll
2009-08-02 16:30:14 ----A---- C:\Windows\system32\icardie.dll
2009-08-02 16:30:12 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-02 16:30:11 ----A---- C:\Windows\system32\urlmon.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\pngfilt.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\occache.dll
2009-08-02 16:30:11 ----A---- C:\Windows\system32\iertutil.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\iesetup.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\iernonce.dll
2009-08-02 16:30:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-08-02 16:28:56 ----A---- C:\Windows\system32\ntprint.exe
2009-08-02 16:28:56 ----A---- C:\Windows\system32\ntprint.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\dhcpcmonitor.dll
2009-08-02 16:28:54 ----A---- C:\Windows\system32\authui.dll
2009-08-02 16:28:52 ----A---- C:\Windows\system32\sendmail.dll
2009-08-02 16:28:25 ----A---- C:\Windows\system32\wshrm.dll
2009-08-02 16:28:11 ----A---- C:\Windows\system32\sbunattend.exe
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-08-02 16:27:42 ----A---- C:\Windows\system32\dnsapi.dll
2009-08-02 16:27:32 ----A---- C:\Windows\system32\schannel.dll
2009-08-01 19:41:44 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Nero
2009-08-01 19:33:03 ----D---- C:\ProgramData\LightScribe
2009-08-01 19:29:05 ----A---- C:\Windows\system32\PROUnstl.exe
2009-08-01 19:28:47 ----A---- C:\Windows\system32\MRT.INI
2009-08-01 19:27:50 ----D---- C:\Program Files\MSXML 4.0
2009-08-01 19:17:58 ----D---- C:\Windows\Minidump
2009-08-01 19:13:48 ----A---- C:\Windows\system32\vsfoceebgwpyqb.dll
2009-08-01 19:13:42 ----A---- C:\Windows\system32\vsfocebyxtqnre.dll
2009-08-01 18:41:49 ----A---- C:\Windows\Irremote.ini
2009-08-01 18:27:15 ----D---- C:\Program Files\Nero
2009-08-01 18:26:41 ----D---- C:\ProgramData\Nero
2009-08-01 18:26:41 ----D---- C:\Program Files\Common Files\Nero
2009-08-01 18:25:50 ----A---- C:\Windows\system32\ole32.dll
2009-08-01 18:24:23 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-08-01 18:23:19 ----D---- C:\Program Files\Common Files\LightScribe
2009-08-01 18:22:15 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Adobe
2009-08-01 18:07:27 ----D---- C:\Program Files\WinRAR
2009-08-01 10:52:47 ----A---- C:\Windows\system32\winipsec.dll
2009-08-01 10:52:47 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-08-01 10:52:46 ----A---- C:\Windows\system32\polstore.dll
2009-08-01 10:52:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-08-01 10:51:34 ----A---- C:\Windows\system32\riched32.dll
2009-08-01 10:51:34 ----A---- C:\Windows\system32\riched20.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rasser.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rasdiag.dll
2009-08-01 10:51:30 ----A---- C:\Windows\system32\rascfg.dll
2009-08-01 10:51:29 ----A---- C:\Windows\system32\rasmxs.dll
2009-08-01 10:51:29 ----A---- C:\Windows\system32\netcfgx.dll
2009-08-01 10:51:28 ----A---- C:\Windows\system32\msftedit.dll
2009-08-01 10:51:27 ----A---- C:\Windows\system32\ipnathlp.dll
2009-08-01 10:51:27 ----A---- C:\Windows\system32\icsunattend.exe
2009-08-01 10:51:26 ----A---- C:\Windows\system32\wshqos.dll
2009-08-01 10:51:25 ----A---- C:\Windows\system32\traffic.dll
2009-08-01 10:51:25 ----A---- C:\Windows\system32\pacerprf.dll
2009-08-01 10:51:23 ----A---- C:\Windows\system32\dps.dll
2009-08-01 10:51:23 ----A---- C:\Windows\system32\cdd.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-08-01 10:50:17 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-01 10:48:47 ----A---- C:\Windows\system32\mcmde.dll
2009-08-01 10:48:47 ----A---- C:\Windows\system32\EncDec.dll
2009-08-01 10:48:46 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\msoert2.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\msoeacct.dll
2009-08-01 10:46:57 ----A---- C:\Windows\system32\ACCTRES.dll
2009-08-01 10:45:46 ----A---- C:\Windows\system32\wtsapi32.dll
2009-08-01 10:45:41 ----A---- C:\Windows\system32\sysmain.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlansvc.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlansec.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanhlp.dll
2009-08-01 10:45:39 ----A---- C:\Windows\system32\wlanapi.dll
2009-08-01 10:44:37 ----A---- C:\Windows\system32\WebClnt.dll
2009-08-01 10:42:47 ----A---- C:\Windows\system32\t2embed.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\lpk.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\fontsub.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\dciman32.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\atmlib.dll
2009-08-01 10:42:46 ----A---- C:\Windows\system32\atmfd.dll
2009-08-01 10:40:51 ----A---- C:\Windows\system32\csrsrv.dll
2009-08-01 10:40:50 ----A---- C:\Windows\system32\winsrv.dll
2009-08-01 10:37:52 ----A---- C:\Windows\system32\winhttp.dll
2009-08-01 10:36:05 ----A---- C:\Windows\system32\gdi32.dll
2009-08-01 10:33:26 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-08-01 10:32:33 ----A---- C:\Windows\system32\xolehlp.dll
2009-08-01 10:32:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-01 10:31:35 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-01 10:31:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-01 10:31:19 ----A---- C:\Windows\system32\gameux.dll
2009-08-01 10:29:46 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-01 10:28:51 ----A---- C:\Windows\system32\msxml3r.dll
2009-08-01 10:28:51 ----A---- C:\Windows\system32\msxml3.dll
2009-08-01 10:27:53 ----A---- C:\Windows\system32\msscp.dll
2009-08-01 10:26:52 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-08-01 10:25:56 ----A---- C:\Windows\system32\MPSSVC.dll
2009-08-01 10:25:56 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\wfapigp.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\icfupgd.dll
2009-08-01 10:25:55 ----A---- C:\Windows\system32\cmifw.dll
2009-08-01 10:25:54 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-08-01 10:23:34 ----A---- C:\Windows\system32\netapi32.dll
2009-08-01 10:21:23 ----A---- C:\Windows\system32\tzres.dll
2009-08-01 10:16:24 ----A---- C:\Windows\system32\shell32.dll
2009-08-01 10:15:06 ----A---- C:\Windows\system32\localspl.dll
2009-08-01 10:08:35 ----A---- C:\Windows\system32\DWWIN.EXE
2009-08-01 10:07:34 ----A---- C:\Windows\explorer.exe
2009-08-01 10:05:32 ----A---- C:\Windows\system32\hccoin.dll
2009-08-01 10:05:31 ----A---- C:\Windows\system32\hcrstco.dll
2009-08-01 10:03:40 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-08-01 10:03:40 ----A---- C:\Windows\system32\netiougc.exe
2009-08-01 10:03:40 ----A---- C:\Windows\system32\netcfg.exe
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-08-01 10:02:37 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-08-01 10:02:36 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-08-01 10:02:35 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-08-01 10:02:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-08-01 10:02:34 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-08-01 10:02:34 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-08-01 10:02:33 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-08-01 10:02:33 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-08-01 10:02:32 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-08-01 10:02:32 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-08-01 10:02:31 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-08-01 10:02:31 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-08-01 10:02:30 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-08-01 10:02:30 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-08-01 10:02:29 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-01 10:02:29 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-01 10:02:28 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-08-01 10:02:28 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-08-01 10:02:27 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-08-01 10:02:26 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-08-01 10:02:26 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-08-01 10:02:25 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-08-01 10:02:25 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-08-01 10:02:24 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-08-01 10:02:24 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-08-01 10:02:23 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-08-01 10:02:23 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-08-01 10:02:22 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-08-01 10:02:22 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-08-01 10:02:21 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-08-01 10:02:21 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsData0046.dll
2009-08-01 10:02:20 ----A---- C:\Windows\system32\NlsData0045.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0049.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0047.dll
2009-08-01 10:02:19 ----A---- C:\Windows\system32\NlsData0039.dll
2009-08-01 10:02:18 ----A---- C:\Windows\system32\NlsData0021.dll
2009-08-01 10:02:18 ----A---- C:\Windows\system32\NlsData0020.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0027.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0026.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0024.dll
2009-08-01 10:02:17 ----A---- C:\Windows\system32\NlsData0022.dll
2009-08-01 10:02:16 ----A---- C:\Windows\system32\NlsData0011.dll
2009-08-01 10:02:16 ----A---- C:\Windows\system32\NlsData0010.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0018.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0013.dll
2009-08-01 10:02:15 ----A---- C:\Windows\system32\NlsData0000.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0019.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0002.dll
2009-08-01 10:02:14 ----A---- C:\Windows\system32\NlsData0001.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0009.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0007.dll
2009-08-01 10:02:13 ----A---- C:\Windows\system32\NlsData0003.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004c.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004b.dll
2009-08-01 10:02:12 ----A---- C:\Windows\system32\NlsData004a.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData004e.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData003e.dll
2009-08-01 10:02:11 ----A---- C:\Windows\system32\NlsData002a.dll
2009-08-01 10:02:10 ----A---- C:\Windows\system32\NlsData001b.dll
2009-08-01 10:02:10 ----A---- C:\Windows\system32\NlsData001a.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData001d.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData000c.dll
2009-08-01 10:02:09 ----A---- C:\Windows\system32\NlsData000a.dll
2009-08-01 10:02:08 ----A---- C:\Windows\system32\NlsData000f.dll
2009-08-01 10:02:08 ----A---- C:\Windows\system32\NlsData000d.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NlsData0416.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NlsData0414.dll
2009-08-01 10:02:07 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-01 10:02:06 ----A---- C:\Windows\system32\NlsData081a.dll
2009-08-01 10:02:06 ----A---- C:\Windows\system32\NlsData0816.dll
2009-08-01 10:02:05 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-08-01 10:02:04 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-08-01 09:51:51 ----A---- C:\Windows\system32\win32spl.dll
2009-08-01 09:51:51 ----A---- C:\Windows\system32\printcom.dll
2009-08-01 09:38:15 ----A---- C:\Windows\system32\dfshim.dll
2009-08-01 09:38:14 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-01 09:38:08 ----A---- C:\Windows\system32\mscoree.dll
2009-08-01 09:38:05 ----A---- C:\Windows\system32\mscorier.dll
2009-08-01 09:38:03 ----A---- C:\Windows\system32\mscories.dll
2009-08-01 09:31:45 ----D---- C:\ProgramData\SlySoft
2009-08-01 09:26:01 ----A---- C:\Windows\system32\rrinstaller.exe
2009-08-01 09:26:01 ----A---- C:\Windows\system32\mfps.dll
2009-08-01 09:26:01 ----A---- C:\Windows\system32\mf.dll
2009-08-01 09:26:00 ----A---- C:\Windows\system32\mfpmp.exe
2009-08-01 09:26:00 ----A---- C:\Windows\system32\mferror.dll
2009-08-01 09:25:58 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-01 09:25:58 ----A---- C:\Windows\system32\logagent.exe
2009-08-01 09:25:56 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-08-01 09:25:26 ----A---- C:\Windows\system32\INETRES.dll
2009-08-01 09:25:26 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-01 09:25:14 ----A---- C:\Windows\system32\connect.dll
2009-08-01 09:24:59 ----A---- C:\Windows\system32\wmi.dll
2009-08-01 09:24:58 ----A---- C:\Windows\system32\imagehlp.dll
2009-08-01 09:24:52 ----A---- C:\Windows\system32\rpcrt4.dll
2009-08-01 09:24:43 ----A---- C:\Windows\system32\quartz.dll
2009-08-01 09:23:57 ----D---- C:\Program Files\CONEXANT
2009-08-01 09:23:44 ----A---- C:\Windows\system32\crypt32.dll
2009-08-01 09:23:32 ----A---- C:\Windows\system32\user32.dll
2009-08-01 09:23:27 ----A---- C:\Windows\system32\msxml6r.dll
2009-08-01 09:23:27 ----A---- C:\Windows\system32\msxml6.dll
2009-08-01 09:22:31 ----A---- C:\Windows\system32\qmgr.dll
2009-07-31 20:32:28 ----D---- C:\Intel
2009-07-31 20:31:42 ----D---- C:\Windows\system32\x64
2009-07-31 20:31:42 ----A---- C:\Windows\system32\igxpun.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\oemdspif.dll
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxzoom.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxtray.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxsrvc.exe
2009-07-31 20:30:13 ----A---- C:\Windows\system32\igfxCoIn_v1114.dll
2009-07-31 20:30:12 ----A---- C:\Windows\system32\igfxsrvc.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxress.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxpph.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxpers.exe
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxext.exe
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxexps.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxdo.dll
2009-07-31 20:30:11 ----A---- C:\Windows\system32\igfxdev.dll
2009-07-31 20:30:10 ----A---- C:\Windows\system32\igfxcfg.exe
2009-07-31 20:30:10 ----A---- C:\Windows\system32\ig4icd32.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\ig4dev32.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\hkcmd.exe
2009-07-31 20:30:09 ----A---- C:\Windows\system32\hccutils.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\difxapi.dll
2009-07-31 20:30:09 ----A---- C:\Windows\system32\difx32.dll
2009-07-31 20:14:27 ----D---- C:\ProgramData\Messenger Plus!
2009-07-31 20:14:23 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-31 20:10:24 ----D---- C:\Program Files\SlySoft
2009-07-31 19:44:42 ----D---- C:\ProgramData\DVD Shrink
2009-07-31 19:44:40 ----D---- C:\Program Files\DVD Shrink
2009-07-31 18:09:31 ----A---- C:\Windows\system32\ChCfg.exe
2009-07-31 18:09:30 ----A---- C:\Windows\system32\RtkAPO.dll
2009-07-31 18:09:18 ----D---- C:\Windows\system32\RTCOM
2009-07-31 18:06:48 ----A---- C:\Windows\DIFxAPI.dll
2009-07-31 18:06:46 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-07-31 18:06:46 ----A---- C:\Windows\RtlUpd.exe
2009-07-31 18:06:45 ----D---- C:\Program Files\Realtek
2009-07-31 18:06:45 ----A---- C:\Windows\RtHDVCpl.exe
2009-07-31 18:06:29 ----A---- C:\Windows\RtlExUpd.dll
2009-07-31 18:06:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-31 17:58:01 ----D---- C:\Windows\system32\Macromed
2009-07-31 17:39:18 ----D---- C:\ProgramData\Raxco
2009-07-31 17:39:18 ----D---- C:\Program Files\Raxco
2009-07-31 17:37:34 ----D---- C:\Users\HP_Administrator\AppData\Roaming\TELUS
2009-07-31 17:37:26 ----D---- C:\ProgramData\TELUS
2009-07-31 17:37:26 ----D---- C:\Program Files\TELUS
2009-07-31 17:37:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 17:35:52 ----D---- C:\Program Files\Microsoft
2009-07-31 17:35:32 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-31 17:35:14 ----D---- C:\Program Files\Windows Live
2009-07-31 17:35:00 ----D---- C:\Windows\PCHEALTH
2009-07-31 17:34:57 ----SHD---- C:\Windows\Installer
2009-07-31 17:31:18 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wups2.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wucltux.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-31 17:20:53 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wups.dll
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wudriver.dll
2009-07-31 17:20:42 ----A---- C:\Windows\system32\wuapi.dll
2009-07-31 17:20:40 ----D---- C:\Windows\Panther
2009-07-31 17:20:28 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-31 17:20:28 ----A---- C:\Windows\system32\wuapp.exe
2009-07-31 17:12:57 ----D---- C:\Windows.old
2009-07-31 16:37:58 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Identities
2009-07-31 16:37:48 ----SD---- C:\Users\HP_Administrator\AppData\Roaming\Microsoft
2009-07-31 16:37:48 ----D---- C:\Users\HP_Administrator\AppData\Roaming\Media Center Programs
2009-07-31 16:27:10 ----RASH---- C:\Boot.ini.saved
2009-07-31 16:25:28 ----D---- C:\Windows\SoftwareDistribution
2009-07-31 16:23:22 ----D---- C:\Windows\Debug
2009-07-31 16:21:33 ----D---- C:\Windows\Prefetch
2009-07-31 16:10:58 ----RAS---- C:\BOOTSECT.BAK
2009-07-31 16:10:55 ----SHD---- C:\Boot
2009-07-31 15:50:34 ----SHD---- C:\RECYCLER
2009-07-31 12:50:31 ----SH---- C:\Boot.BAK
2009-07-31 12:50:17 ----RSHD---- C:\cmdcons
2009-07-31 12:40:45 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2009-08-20 18:39:10 ----D---- C:\Windows\Temp
2009-08-20 08:55:43 ----D---- C:\Windows\System32
2009-08-20 08:55:42 ----D---- C:\Windows\inf
2009-08-20 08:55:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-20 08:53:12 ----AD---- C:\Windows
2009-08-17 18:40:14 ----D---- C:\Windows\system32\catroot2
2009-08-15 18:41:55 ----RD---- C:\Program Files
2009-08-14 09:26:37 ----D---- C:\Windows\winsxs
2009-08-14 09:26:27 ----D---- C:\Program Files\Windows Media Player
2009-08-13 12:23:07 ----D---- C:\Windows\system32\drivers
2009-08-13 12:23:07 ----D---- C:\Windows\system32\catroot
2009-08-13 12:23:03 ----D---- C:\Windows\Tasks
2009-08-13 12:23:03 ----D---- C:\Windows\system32\Tasks
2009-08-13 09:29:49 ----D---- C:\Program Files\Windows Mail
2009-08-07 16:17:57 ----D---- C:\Windows\system32\NDF
2009-08-06 19:32:39 ----SD---- C:\Windows\Downloaded Program Files
2009-08-05 09:03:18 ----D---- C:\Windows\servicing
2009-08-03 14:44:34 ----HD---- C:\ProgramData
2009-08-03 12:29:22 ----HD---- C:\Config.Msi
2009-08-03 12:29:01 ----D---- C:\Program Files\Common Files
2009-08-03 09:37:40 ----D---- C:\Windows\rescache
2009-08-03 09:34:09 ----D---- C:\Windows\system32\migration
2009-08-03 09:34:09 ----D---- C:\Windows\system32\en-US
2009-08-03 09:34:08 ----D---- C:\Windows\system32\wbem
2009-08-03 09:34:08 ----D---- C:\Windows\system32\SLUI
2009-08-03 09:34:08 ----D---- C:\Windows\system32\manifeststore
2009-08-03 09:34:08 ----D---- C:\Windows\AppPatch
2009-08-03 09:34:08 ----D---- C:\Program Files\Windows Sidebar
2009-08-03 09:34:08 ----D---- C:\Program Files\Internet Explorer
2009-08-01 18:22:26 ----D---- C:\Program Files\Common Files\microsoft shared
2009-08-01 17:14:02 ----D---- C:\Windows\system32\WDI
2009-08-01 15:07:19 ----D---- C:\Windows\Microsoft.NET
2009-08-01 15:07:06 ----RSD---- C:\Windows\assembly
2009-08-01 11:07:20 ----ASH---- C:\Program Files\desktop.ini
2009-08-01 11:02:47 ----D---- C:\Windows\system32\ras
2009-08-01 11:02:47 ----D---- C:\Windows\system32\icsxml
2009-08-01 11:02:47 ----D---- C:\Program Files\Windows Calendar
2009-08-01 11:02:43 ----D---- C:\Windows\ehome
2009-08-01 11:02:42 ----D---- C:\Program Files\Common Files\System
2009-08-01 11:02:40 ----D---- C:\Program Files\Windows Defender
2009-08-01 09:24:02 ----D---- C:\Windows\ModemLogs
2009-07-31 18:09:40 ----SHD---- C:\$Recycle.Bin
2009-07-31 17:47:11 ----RD---- C:\Users
2009-07-31 17:31:02 ----SD---- C:\ProgramData\Microsoft
2009-07-31 17:23:44 ----D---- C:\Windows\Logs
2009-07-31 17:20:15 ----D---- C:\Windows\system32\restore
2009-07-31 16:27:10 ----SH---- C:\boot.ini
2009-07-31 15:58:50 ----HD---- C:\hp
2009-07-31 15:44:08 ----D---- C:\Python22
2009-07-29 17:49:14 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-06-26 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-06-26 147984]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-13 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
R2 RP_FWS;TELUS security services Firewall; C:\Program Files\TELUS\TELUS security services\Fws.exe [2008-12-09 363248]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]
R3 Radialpoint Security Services;TELUS security services; C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-12-09 97520]

-----------------EOF-----------------

#10 suebaby41

Posted 21 August 2009 - 12:46 PM

Sorry about that. Must have been a Senior Moment!

NOTE: If for some reason you are unable to complete a step(s), skip that step and continue with the rest of the steps. Please describe your problem with the step in your next reply.

Step 1

You may want to print this page. Make sure to work through the fixes in the order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 2

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
  • Please download TFC by OldTimer to your desktop.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • After it is finished, it should reboot your machine, if not, do this yourself to ensure a complete clean.

Step 3

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
  • BitDefender
  • Computer Associates Online Virus Scan
  • Panda's ActiveScan
  • Trend Micro Housecall
  • Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 4

Please download Spybot-S&D©® and install Spybot-S&D©® .
  • Be sure to UNCHECK TeaTimer when presented with the option to install. You can enable it after you are clean.
  • Run Spybot-S&D©® , go to the Menu Bar at the top, choose Mode, and make certain that "Default mode" has a check mark beside it.
  • Click the button "Search for Updates".
  • If any updates are found, install them by placing a check mark next to each one and clicking "Download Updates".
  • If you encounter any error messages while downloading the updates, manually download them from here.
  • Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
  • Click the button "Check for Problems".
  • When Spybot-S&D©® is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
  • Make certain there is a check mark beside all of the RED entries ONLY.
  • Choose "Fix Selected Problems" and allow Spybot-S&D©® to fix the RED entries.
  • REBOOT to complete the scan and clear memory.
Note: After Windows loads, Spybot-S&D©® may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Step 5

I recommend using Spyware Blaster.
  • Please download SpywareBlaster and save it to your desktop.
  • Double click on it to install the program.
  • Follow the prompts and choose the default locations when installing the program.
  • When the program is installed, it will place an icon on your desktop.
  • Double click on the SpywareBlaster icon and you will be presented with a brief tutorial. On the first page of this tutorial, you will see some of the SpywareBlaster features.
  • Click on the Next button to proceed to the second page of the tutorial.
  • If you want to purchase the software, then you should select Automatic Updating. If you do not plan on purchasing the software, then you should select the option for Manual Updating. Press the Next button.
  • At the next screen, click Finish.
  • At the next screen, Protection Status, click Enable All Protection.
  • Click Download Latest Protection Updates. This will ensure that SpywareBlaster has the latest definitions so that it can protect your browser more efficiently. You should update SpywareBlaster regularly, as much as every few days, in order to provide the best protection. Each time you update, be sure to click Enable All Protection.

Step 6

We need to disconnect your computer from the Internet. By doing this, it prevents any further Internet activity until the removal of malware is complete. You need to make it impossible for viruses, trojan horses, worms and spyware to call for backup once you start to dismantle them. They will continue to infect your computer with new variants while you are connected to the Internet. We also need to prevent hackers from controlling your system and they will try to prevent you from removing the pests they installed on your computer.

Close ALL browser windows (including this one). Exit all processes and items in your System tray.

According to how your computer connects to the Internet, please disconnect your computer from the Internet. Possible means of disconnecting your computer from the Internet include:
  • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
  • Turn your modem off.
  • Disconnect your modem cable from your computer.
  • Turn the device off for Hand-held wireless connections.
  • Some laptops have a switch that will disconnect the laptop from the Internet.

Step 7

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.
Please disable the following program(s):

SUPERAntiSpyware

We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
  • Right click on the icon in your System Tray.
  • Click Exit
  • Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.

Step 8

Now we will address the HijackThis fixes.
  • If you have not already done so, please download Trend Micro - HijackThis.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  • Click Install.
  • A shortcut will be created on your Desktop and HijackThis will run automatically.
  • Click the button labeled Do a system scan only.
  • Click the Scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
  • Click in the boxes to the left of the following entries to place check marks (make sure not to miss any):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
    O4 - HKUS\S-1-5-18\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')

  • Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 9

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if they apply to your computer problem with being slow to respond.
Slow Computer/browser? Check Here First; It May Not Be Malware
What to do if your Computer is running slowly
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 10

Please download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "Safe Mode" .
-- Post the log in your next reply.

Perform an anti-rootkit (ARK) scan with one of the following:

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.

Step 11

Check to see if you have insecure applications with Secunia Software Inspector. Secunia Software Inspector:
  • Detects insecure versions of common/popular programs installed on your computer.
  • Verifies that all Microsoft patches are applied.
  • Assists you in updating, patching, and protecting your computer.
  • Activates additional security features in Sun Java.
  • Runs through your browser. No installation or download is required.
Step 12

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post:
  • the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
  • a new HijackThis log
Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 canada_line


Posted 21 August 2009 - 11:00 PM

I will be busy and will not reply for the next 3-4 days. I will post the results of the scan when I finish scanning.

#12 suebaby41


Posted 22 August 2009 - 02:37 PM

OK. I will keep your topic open.

#13 canada_line


Posted 25 August 2009 - 05:43 PM

This will take me a little longer than originally predicted, so please stay with me. Would you like me to post some of the results of the earlier steps, or do you want me to show the end results all at once?

#14 canada_line


Posted 26 August 2009 - 06:15 PM

All right, I have finished scanning:

The results of the online scan:

Panda's ActiveScan report: (I did not click clean for this one as I had to register, and after registration, it asked to rescan my computer) I have the report, however:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-08-21 17:49:20
PROTECTIONS: 5
MALWARE: 30
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
TELUS security services Anti-Virus 7.0.26 Yes Yes
Lavasoft Ad-Watch Live! Anti-Virus No Yes
Windows Defender 1.1.1505.0 No Yes
SUPERAntiSpyware 4, 27, 0, 1000 No Yes
TELUS security services Anti-Spyware 7.0.26 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\regular@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\HP_Administrator\AppData\Roaming\Microsoft\Windows\Cookies\hp_administrator@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@tribalfusion[3].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@yadro[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@bs.serving-sys[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@statse.webtrendslive[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@bluestreak[1].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@bravenet[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@go[1].txt
00205140 Cookie/Research-int TrackingCookie No 0 Yes No C:\Users\Regular\AppData\Roaming\Microsoft\Windows\Cookies\Low\regular@research-int[2].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Windows.old\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00450614 Adware/2Search Adware No 0 No No C:\Windows.old\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe[PPCToolbar.dll]
00487624 Trj/Banker.LNO Virus/Trojan No 1 Yes No C:\hp\recovery\wizard\SWR_Wizard.exe
02470860 Generic Trojan Virus/Trojan No 0 Yes No C:\Windows\System32\vsfoceebgwpyqb.dll
02471313 Generic Trojan Virus/Trojan No 0 Yes No C:\Windows\System32\vsfocebyxtqnre.dll
03983016 Generic Malware Virus/Trojan No 0 Yes No C:\Windows.old\Program Files\Updates from HP\9972322\Program\Interop.SHDocVw.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Users\Public\Documents\SlySoft.AnyDVD.v6.5.5.9.Final\SlySoft.AnyDVD.v6.5.5.9.Final\RESET\AnyDVD Cleaner v6.exe
No C:\Windows\System32\drivers\vsfocehtcoghsl.sys
No C:\Windows.old\Program Files\Online Services\MSN90\pkgs\en\us\msncli.exe[C:\Windows.old\Program Files\Online Services\MSN90\pkgs\en\us\msncli.exe][mailares.dll]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================



From BitDefender: (copy and pasted from HTML)

BitDefender Online Scanner

Scan report generated at: Tue, Aug 25, 2009 - 02:01:15
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 01:50:18
Files: 464497
Folders: 16932
Boot Sectors: 0
Archives: 18177
Packed Files: 43247

Results
Identified Viruses: 3
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 3913341
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Jul 24 2009)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Program Files\InstallShield Installation Information\{69F6C2C5-2DFB-47C3-9B4D-45918ED52E6C}\RPS Ksdk.msi=>(Embedded CAB)=>udinstaller32.exe
Infected with: Trojan.Generic.IS.597508

C:\Program Files\InstallShield Installation Information\{69F6C2C5-2DFB-47C3-9B4D-45918ED52E6C}\RPS Ksdk.msi=>(Embedded CAB)=>udinstaller32.exe
Deleted

C:\Program Files\InstallShield Installation Information\{69F6C2C5-2DFB-47C3-9B4D-45918ED52E6C}\RPS Ksdk.msi=>(Embedded CAB)
Update failed

C:\Program Files\InstallShield Installation Information\{69F6C2C5-2DFB-47C3-9B4D-45918ED52E6C}\udinstaller32.exe
Infected with: Trojan.Generic.IS.597508

C:\Program Files\InstallShield Installation Information\{69F6C2C5-2DFB-47C3-9B4D-45918ED52E6C}\udinstaller32.exe
Deleted

C:\Program Files\TELUS\TELUS security services\Kav\udinstaller32.exe
Infected with: Trojan.Generic.IS.597508

C:\Program Files\TELUS\TELUS security services\Kav\udinstaller32.exe
Deleted

C:\Users\Public\Documents\SlySoft.AnyDVD.v6.5.5.9.Final\SlySoft.AnyDVD.v6.5.5.9.Final\RESET\AnyDVD Cleaner v6.exe
Infected with: Trojan.Generic.IS.598318

C:\Users\Public\Documents\SlySoft.AnyDVD.v6.5.5.9.Final\SlySoft.AnyDVD.v6.5.5.9.Final\RESET\AnyDVD Cleaner v6.exe
Deleted

C:\Windows\System32\vsfocebyxtqnre.dll
Infected with: Trojan.CryptRedol.Gen.2

C:\Windows\System32\vsfocebyxtqnre.dll
Deleted

C:\Windows\System32\vsfoceebgwpyqb.dll
Infected with: Trojan.CryptRedol.Gen.2

C:\Windows\System32\vsfoceebgwpyqb.dll
Deleted





Optional: Dr.web Cure it report

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
inetchk.exe;C:\Windows.old\Program Files\music_now;Trojan.Click.2093;Deleted.;
AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
AOLCINST.EXE;C:\Windows.old\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;



Optional: Sophos Anti rootkit scan result (description of non-deleted file)

Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Software\Microsoft\CTF\Assemblies\0x00000409
Removable: No
Notes: (no more detail available)


Final HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:45 PM, on 26/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TELUS\TELUS security services\rps.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Installation Diagnostics] "C:\Program Files\Brother\Brmfl06a\Brinstck.exe" /I MFC-240C USB
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4159486086-894115154-3748162312-1001\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (User 'Regular')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe
O23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7481 bytes


By the way, please do give me a list of the optional fixes that I can remove, thank you.

Lastly, there were some errors during some of the scan, some of which I don't remember anymore.


Thank you very much for your support.

#15 suebaby41


Posted 01 September 2009 - 07:04 AM

By fixing the "Optional Fixes", you will remove the program from your startup but you will not remove the program itself. Note the large number of startup items. This adversely affects the bootup time and computer speed with this large amount of unnecessary programs loading at startup and then running in the background.

Please run HijackThis and click Scan. Place checks next to the HijackThis entries that are Optional Fixes that you have chosen to remove from your startup list.

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

oobefldr.dll (WindowsWelcomeCenter) process can be removed to free up resources without compromising system performance. oobefldr.dll is a Welcome Center from Microsoft Corporation belonging to Microsoft® Windows® Operating System. WindowsWelcomeCenter is not necessary for startup. It is usually run infrequently and can be started manually if needed. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')


msnmsgr.exe (MSN Messenger From Microsoft) (Windows Messenger) is the Microsoft instant messaging program built into Windows XP. There is also a Windows Messenger service built into Windows XP that helps produce pop up ads via IP addresses. The two programs are completely separate and do different things even though Microsoft has essentially named them the same. MSN Messenger from Microsoft is an online chat, instant messaging program and file sharing program bundled with Windows and Microsoft Office. MSN Messenger is another chat program from Microsoft that can run simultaneously with Windows Messenger. If you don't use Windows Messenger (IM, MSN Messenger), you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger (IM, MSN Messenger)".
Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

LightScribeControlPanel.exe (LightScribe-Hewlett-Packard) process can be removed to free up resources without compromising system performance. Related to LightScribe from Hewlett-Packard. LightScribe is an innovative technology that uses a special disc drive, special media, and label-making software to burn labels directly onto CDs and DVDs. This is a valid program but it is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

sidebar.exe (Windows Vista Sidebar) process can be removed to free up resources without compromising system performance. sidebar.exe belongs to Windows Sidebar on the Windows Desktop. Windows desktop sidebar is the best alternative for Longhorn desktop. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')


GoogleUpdaterService.exe (Google Updater) process can be removed to free up resources without compromising system performance. Used to update Google programs such as Google Toolbar. This is a valid program but it is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. To change the service to Manual or Disable:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Google Updater Service and double-click on it.
  • Change the Startup Type: to Manual or Disable.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.




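The startup review in the last post, as an added example that is not part of the original thread or of HijackThis: a parser for the log's O4 (registry autorun) and O23 (service) lines that picks out the entries the helper listed as optional. Function names are hypothetical, the sample lines are copied from the log posted above, and services are matched on the short name in parentheses because the log and the reply show different display names for `gusvc`.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# Entries the helper's reply lists as optional: O4 registry value names and,
# for O23, the short service name.
OPTIONAL_O4 = {"SunJavaUpdateSched", "WindowsWelcomeCenter", "msnmsgr",
               "LightScribe Control Panel", "Sidebar"}
OPTIONAL_O23 = {"gusvc"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# The path is anchored on a drive letter or %VAR% because paths themselves may
# contain " - " (see the Spybot service line).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).*)$")
SHORT_RE = re.compile(r"^.* \((?P<short>[^()]+)\)$")
# Heuristic for unquoted commands: the program ends at the first .exe/.dll
# that is followed by whitespace, a comma or end of line.
TOKEN_RE = re.compile(r"(.+?\.(?:exe|dll))(?=[\s,]|$)", re.I)


def _first_token(cmd):
    """Split a command line into (first program or file, remainder)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        token, _, rest = cmd[1:].partition('"')
        return token, rest
    m = TOKEN_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():]
    token, _, rest = cmd.partition(" ")
    return token, rest


def launch_target(cmd):
    """Return (executable, dll); dll is set only when rundll32 is the host."""
    exe, rest = _first_token(cmd)
    dll = None
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        arg, _ = _first_token(rest)
        dll = arg.split(",", 1)[0] or None
    return exe, dll


def parse_autostarts(log):
    """Parse O4 and O23 lines of a HijackThis log into dictionaries."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe, dll = launch_target(m["cmd"])
            entries.append({"kind": "O4", "ident": m["name"],
                            "where": f'{m["hive"]}\\{m["key"]}',
                            "user": m["user"], "exe": exe, "dll": dll})
            continue
        m = O23_RE.match(line)
        if m:
            s = SHORT_RE.match(m["display"])
            entries.append({"kind": "O23",
                            "ident": s["short"] if s else m["display"],
                            "where": "service", "user": None,
                            "exe": m["path"], "dll": None})
    return entries


def optional_entries(entries):
    """Keep only the entries named as optional in the helper's reply."""
    return [e for e in entries
            if (e["kind"] == "O4" and e["ident"] in OPTIONAL_O4)
            or (e["kind"] == "O23" and e["ident"] in OPTIONAL_O23)]


if __name__ == "__main__":
    for e in optional_entries(parse_autostarts(SAMPLE_LOG)):
        print(e["kind"], e["where"], e["ident"], "->", e["dll"] or e["exe"])
```
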