Full Version: [Resolved] Windows Vista Blue Screen After Spyware Cleanup
Supersons
Hi,

I am trying to fix a friend's laptop (running Vista Basic) which was full of malware after he never renewed his Kaspersky Internet Security (this can no longer be run after renewing or reinstalled). I could not get anything to install or IE to download from the web. Also IE would redirect to weird and wonderful pages. I have managed to get IE working OK and cleaned some of the malware out via Spyware Doctor and CCleaner. Spyware Doctor cannot remove the remaining infections as it crashes the machine with a memory dump blue screen. I have run HijackThis and the log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:15, on 27/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6712 bytes


Thanks in advance

Martin
Ironbender
Hi Supersons,

- What fixtools have you run to try to clean this system? Only CCleaner and Spyware Doctor?
- Did you manually delete any file?

There is nothing bad showing in your log, but this process path is uncommon: \?\C:\Windows\system32\wbem\WMIADAP.EXE

WMIADAP.EXE is a legit file but it should not have \?\C:\ showing...

Download Malwarebytes Anti-Malware from http://www.majorgeeks.com/Malwarebyte'...ware_d5756.html to the desktop.

If you can't download from this system, use a clean pendrive and run the installer from it.

- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both these checked:
  - Update Malwarebytes Anti-Malware
  - Launch Malwarebytes Anti-Malware
- Then click Finish.

- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- On the Scanner tab:
  - Make sure the "Perform Full Scan" option is selected.
  - Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.

- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

NB - If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.

Download RSIT from http://images.malwareremoval.com/random/RSIT.exe to your desktop and run it there.

Post the log.txt it generates along with the mbam report.

You may need more than one post for this, please do so.

Chris
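
Added example, not part of the original thread or of HijackThis: a short Python triage that parses the log layout posted above and applies the check described in this reply, listing running-process paths that do not start with a drive letter and showing the drive path behind a device-style prefix. The sample log is constructed from lines in the thread; the function names and the set of accepted prefixes are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2.0.2 layout, using lines from the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:15, on 27/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An ordinary process line starts with a drive letter, e.g. C:\...
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumed set of device-style prefixes: \\?\  \??\  and the \?\ form seen in this thread.
DEVICE_PREFIX = re.compile(r"^(\\\\\?\\|\\\?\?\\|\\\?\\)")
# Coded entries look like "O4 - ..." or "R1 - ...".
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into its running-process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:
                in_processes = False   # a blank line ends the process block
            else:
                processes.append(line)
            continue
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def entries_by_code(entries):
    """Group entry bodies by section code (R0, O2, O4, ...) for section-by-section review."""
    grouped = defaultdict(list)
    for code, body in entries:
        grouped[code].append(body)
    return dict(grouped)


def review_processes(processes):
    """Return the process lines that are not plain drive-letter paths.

    For each one, 'normalized' is the drive path left after removing a
    device-style prefix, or None when no known prefix is present. This only
    lists items for a human to look at; it does not judge them.
    """
    findings = []
    for path in processes:
        if DRIVE_PATH.match(path):
            continue
        prefix = DEVICE_PREFIX.match(path)
        normalized = path[prefix.end():] if prefix else None
        if normalized and DRIVE_PATH.match(normalized):
            note = "device-style prefix in front of a drive path"
        else:
            note = "not a drive-letter path"
        findings.append({"listed_as": path, "normalized": normalized, "note": note})
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for finding in review_processes(parsed["processes"]):
        print(finding)
    for code, bodies in entries_by_code(parsed["entries"]).items():
        print(code, len(bodies))
```
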
Supersons
Hi,

Thanks for your quick response. Hit the first problem. When I try to run a Malwarebytes Anti-Malware full scan it closes the app and then refuses to reopen (I guess this is related to the issue). It infers I don't have the appropriate permissions to access the item even though I am logged on as administrator. Had a quick look on the majorgeeks forum but could not see anything specific to try apart from renaming the install file to mb.exe (which was not really the issue as it installed).


Thanks, Martin
Ironbender
You did not answer my questions.

Well, this will be tricky...

- right-click mbam.exe and rename it to 123.com;
- right-click on it and select "run as administrator".

Let me know how it goes.

Chris
Supersons
Hi Chris,

Apologies for not answering all the questions, got carried away trying to run Malwarebytes. I have only run Spyware Doctor and CCleaner plus HijackThis (not removed anything via this, only used to provide the log). Spyware Doctor points to the files attached in the screenshot as threats. When I try to clean them with Spyware Doctor it crashes the machine. Also, renaming Malwarebytes and running it as administrator did not work. It scans for 5 secs and closes as before.

Cheers, Martin

Ironbender
Hi Martin,

Sorry for the delay, very busy night yesterday.

I can't read the screenshot.

I can't recommend any fixtools at this point, because the system is unstable and an unexpected BSOD or reboot may screw things... Did you manage to run RSIT? Its report may show something useful.

Did you try to restore this system to a date when it was infected but still stable?

You may try to run chkdsk /r to see if it's not a disk issue, and sfc /scannow to be sure that the antivirus hasn't quarantined any critical system file.

Chris
Supersons
Hi Chris,

Progress at last. After running chkdsk /r and sfc /scannow I finally got Malware and RSIT to run. Log files attached. Thanks again for your help.

Martin

Malwarebytes' Anti-Malware 1.41
Database version: 3049
Windows 6.0.6000

28/10/2009 21:51:41
mbam-log-2009-10-28 (21-51-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 207698
Time elapsed: 42 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Raymond\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Raymond\Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Raymond\Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Users\Raymond\Local Settings\Application Data\ogyoyqs_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-10-28 22:00:26
Microsoft® Windows Vista™ Home Premium
System drive C: has 77 GB (69%) free of 112 GB
Total RAM: 1789 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:32, on 28/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Raymond\Desktop\RSIT.exe
C:\Program Files\trend micro\Raymond.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5580 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C25BFBB5-4782-4847-9F3A-DECB79132F96}.job
C:\Windows\tasks\User_Feed_Synchronization-{DF54B24B-C0BB-42D4-BB14-F5A7509F6C65}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-10-27 1471768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-09-18 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-09-18 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-10-28 2010904]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-02 1232896]
"EPSON Stylus DX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-09-10 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0faccacd-0072-11dd-b801-806e6f6e6963}]
shell\AutoRun\command - F:\KIS2010_UK.EXE


======List of files/folders created in the last 1 months======

2009-10-28 21:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 14:49:22 ----D---- C:\rsit
2009-10-27 18:37:12 ----A---- C:\Windows\ntbtlog.txt
2009-10-27 18:26:39 ----D---- C:\Users\Raymond\AppData\Roaming\Malwarebytes
2009-10-27 18:26:33 ----D---- C:\ProgramData\Malwarebytes
2009-10-27 16:04:15 ----HD---- C:\$AVG
2009-10-27 16:04:12 ----A---- C:\Windows\system32\avgrsstx.dll
2009-10-27 16:03:05 ----D---- C:\ProgramData\AVG Security Toolbar
2009-10-27 16:02:33 ----D---- C:\Program Files\AVG
2009-10-27 16:02:31 ----D---- C:\ProgramData\avg9
2009-10-27 14:31:47 ----A---- C:\Windows\system32\tzres.dll
2009-10-27 13:45:41 ----D---- C:\95be18987da4a954169f24fd5db0
2009-10-27 13:42:46 ----D---- C:\Program Files\Trend Micro
2009-10-26 22:16:48 ----D---- C:\Windows\Minidump
2009-10-26 21:01:36 ----A---- C:\Windows\system32\msdtcprx.dll
2009-10-26 21:01:35 ----A---- C:\Windows\system32\xolehlp.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-10-26 21:01:23 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansec.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanhlp.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-26 21:01:02 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\netiougc.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\finger.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ARP.EXE
2009-10-26 21:01:00 ----A---- C:\Windows\system32\netevent.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\t2embed.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\fontsub.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\atmfd.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\lpk.dll

======List of files/folders modified in the last 1 months======

2009-10-28 22:00:18 ----D---- C:\Windows\Prefetch
2009-10-28 22:00:14 ----D---- C:\Windows\Temp
2009-10-28 21:51:41 ----D---- C:\Windows\Tasks
2009-10-28 21:51:41 ----D---- C:\Windows\System32
2009-10-28 21:51:41 ----D---- C:\Windows
2009-10-28 21:07:33 ----D---- C:\Windows\system32\drivers
2009-10-28 21:07:31 ----RD---- C:\Program Files
2009-10-28 19:17:31 ----D---- C:\Program Files\Common Files
2009-10-28 19:16:24 ----D---- C:\Windows\winsxs
2009-10-28 19:15:19 ----HD---- C:\ProgramData
2009-10-28 14:56:09 ----D---- C:\Windows\system32\catroot
2009-10-28 14:56:00 ----D---- C:\Windows\system32\catroot2
2009-10-28 14:54:47 ----D---- C:\System Volume Information
2009-10-27 23:39:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-27 23:39:31 ----D---- C:\Windows\inf
2009-10-27 18:43:11 ----SD---- C:\ProgramData\Microsoft
2009-10-27 18:17:30 ----A---- C:\Windows\DUMP56c6.tmp
2009-10-27 17:57:22 ----A---- C:\Windows\DUMP5aeb.tmp
2009-10-27 17:49:14 ----A---- C:\Windows\DUMP5bd5.tmp
2009-10-27 17:40:59 ----A---- C:\Windows\DUMP64e9.tmp
2009-10-27 17:09:48 ----A---- C:\Windows\DUMP66dc.tmp
2009-10-27 16:02:09 ----SHD---- C:\Windows\Installer
2009-10-27 16:00:30 ----SD---- C:\Users\Raymond\AppData\Roaming\Microsoft
2009-10-27 15:52:41 ----D---- C:\Windows\rescache
2009-10-27 15:40:57 ----D---- C:\Windows\Debug
2009-10-27 15:35:34 ----A---- C:\Windows\DUMP89a8.tmp
2009-10-27 15:24:07 ----A---- C:\Windows\DUMP38da.tmp
2009-10-27 15:15:44 ----A---- C:\Windows\DUMP8c28.tmp
2009-10-27 15:07:26 ----A---- C:\Windows\DUMPa89d.tmp
2009-10-27 15:05:05 ----D---- C:\Windows\Microsoft.NET
2009-10-27 15:05:03 ----RSD---- C:\Windows\assembly
2009-10-27 14:59:47 ----ASH---- C:\Program Files\desktop.ini
2009-10-27 14:55:40 ----D---- C:\Windows\system32\en-US
2009-10-27 14:55:39 ----D---- C:\Windows\system32\migration
2009-10-27 14:55:37 ----D---- C:\Program Files\Internet Explorer
2009-10-27 14:55:36 ----D---- C:\Windows\AppPatch
2009-10-27 14:55:34 ----D---- C:\Program Files\Windows Mail
2009-10-27 14:55:33 ----D---- C:\Windows\ehome
2009-10-27 14:55:31 ----D---- C:\Windows\system32\wbem
2009-10-27 14:55:30 ----D---- C:\Windows\system32\manifeststore
2009-10-27 14:28:25 ----D---- C:\ProgramData\Microsoft Help
2009-10-27 14:06:22 ----D---- C:\Program Files\Windows Media Player
2009-10-27 14:06:13 ----A---- C:\Windows\DUMP4d73.tmp
2009-10-27 14:02:44 ----D---- C:\Windows\system32\Tasks
2009-10-27 13:54:20 ----A---- C:\Windows\DUMP4662.tmp
2009-10-27 13:47:27 ----A---- C:\Windows\DUMP5179.tmp
2009-10-27 13:36:23 ----A---- C:\Windows\DUMP4eab.tmp
2009-10-26 17:39:15 ----D---- C:\Windows\system
2009-10-26 17:35:17 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 21:46:37 ----SD---- C:\Windows\Downloaded Program Files
2009-10-24 20:32:06 ----D---- C:\Program Files\TalkTalk
2009-10-23 11:06:01 ----D---- C:\Program Files\Kontiki
2009-10-23 11:05:59 ----D---- C:\ProgramData\Kontiki
2009-10-23 10:55:05 ----D---- C:\Windows\system32\config
2009-10-23 10:54:44 ----D---- C:\Windows\system32\spool
2009-10-23 10:54:44 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 10:54:44 ----D---- C:\Windows\SchCache
2009-10-23 10:54:22 ----D---- C:\Windows\Globalization
2009-10-23 10:54:18 ----D---- C:\Windows\registration
2009-10-20 15:24:48 ----D---- C:\ProgramData\Kaspersky Lab
2009-10-20 15:24:47 ----D---- C:\Program Files\Kaspersky Lab
2009-10-02 11:01:58 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-27 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-27 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-28 360584]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-03 280592]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2007-07-30 14168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-27 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Ironbender
Glad it worked.

Please don't attach the logs. This makes them difficult to read. Copy/Paste them to the post instead.

Looks like you ran RSIT before rebooting your system?

Close all programs leaving only HijackThis running. Place a check against the following:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Click on Fix Checked when finished and exit HijackThis.

- Download and run CrapCleaner from http://www.ccleaner.com/
Note: In CCleaner, go to <options/advanced> and uncheck "Only delete files in Windows Temp folders older than 48 hours".

- Download and unzip The Avenger from http://swandog46.geekstogo.com/avenger.zip to your desktop
- Start up Avenger.
- In the box that opens, copy, then paste the text in the code box below:
CODE
Files to delete:
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll
C:\Users\Raymond\AppData\Local\Temp\e.exe

- Click "Execute".
- Press OK at the prompts to reboot your PC.

After your system restarts, a log file should open with the results of Avenger’s actions. Please post this log here along with a fresh RSIT log.

Chris
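
Added example, not part of the original thread and not code from RSIT or The Avenger: a small Python triage script that reads the autostart section of an RSIT registry dump and flags entries whose target sits in a Temp directory or has no file date/size. The sample lines are copied from the RSIT registry dump posted in this thread; treating an empty `[]` as "file not present on disk" is an assumption, as are the function names.

```python
import re

# Sample input: lines copied from the RSIT registry dump posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Optional "name"= prefix, then the target, then RSIT's trailing [date size] field.
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


def parse_autostarts(dump):
    """Return one dict per autostart value found under a registry key header."""
    entries = []
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        # msconfig stores each disabled item under its own subkey, so the
        # entry name is the last key component when no "name"= prefix exists.
        name = m.group("name") or key.rsplit("\\", 1)[-1]
        # Drop a rundll32-style export suffix such as ",DllMain".
        path = m.group("target").split(",", 1)[0].strip()
        entries.append({
            "key": key,
            "name": name,
            "path": path,
            "meta": m.group("meta").strip(),
            # Items under MSConfig\startupreg were disabled through msconfig.
            "disabled": "msconfig\\startupreg" in key.lower(),
        })
    return entries


def flag_suspicious(entries):
    """Return (name, path, reasons) for entries worth a manual look."""
    flagged = []
    for e in entries:
        reasons = []
        if TEMP_RE.search(e["path"]):
            reasons.append("target in a Temp directory")
        if e["meta"] == "":
            # Assumption: RSIT prints [] when it could not read the file.
            reasons.append("no file date/size (file assumed missing)")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in flag_suspicious(parse_autostarts(SAMPLE_DUMP)):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

An entry flagged with both reasons is a leftover registry reference to a file that is no longer on disk, so a delete-by-path tool has nothing to remove and the registry entry itself is what remains to clean up.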
Supersons
Hi,

Log files as requested:

1)
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Users\Raymond\AppData\Local\Temp\02025kou.dll" not found!
Deletion of file "C:\Users\Raymond\AppData\Local\Temp\02025kou.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\Raymond\AppData\Local\Temp\e.exe" not found!
Deletion of file "C:\Users\Raymond\AppData\Local\Temp\e.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


2) RSIT new logfile

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-10-29 16:00:56
Microsoft® Windows Vista™ Home Premium
System drive C: has 76 GB (68%) free of 112 GB
Total RAM: 1789 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:01, on 29/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Raymond\Desktop\RSIT.exe
C:\Program Files\trend micro\Raymond.exe
C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4561 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C25BFBB5-4782-4847-9F3A-DECB79132F96}.job
C:\Windows\tasks\User_Feed_Synchronization-{DF54B24B-C0BB-42D4-BB14-F5A7509F6C65}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-02 1232896]
"EPSON Stylus DX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-09-10 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-03 280592]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2007-07-30 14168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Ironbender
Where is the antivirus for this system?

You can pick a free antivirus from one of these links:

AVG - http://free.grisoft.com/doc/1
AVAST - http://www.avast.com/eng/avast_4_home.html
AntiVir - http://www.free-av.com/

- Create a fresh system restore point.
- Start CCleaner;
- Click the Registry icon at left;
- Make sure that all checkboxes are checked;
- Click the Scan for Issues button;
- Select (checkmark) all problems found and click the Fix selected Issues button at right;
- Click Yes on the "Do you want to backup changes to the registry" window;
- Save the registry backup file;
- Click Fix All Issues (you may need to confirm, please do so);
- Close CCleaner and restart your system.

Apart from this, the system looks clean to me... Please post a final RSIT log when done, and let me know if you are still experiencing trouble.

Chris
Supersons
Hi,

Latest log file.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-10-29 16:00:56
Microsoft® Windows Vista™ Home Premium
System drive C: has 76 GB (68%) free of 112 GB
Total RAM: 1789 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:01, on 29/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Raymond\Desktop\RSIT.exe
C:\Program Files\trend micro\Raymond.exe
C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4561 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C25BFBB5-4782-4847-9F3A-DECB79132F96}.job
C:\Windows\tasks\User_Feed_Synchronization-{DF54B24B-C0BB-42D4-BB14-F5A7509F6C65}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-02 1232896]
"EPSON Stylus DX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-09-10 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-03 280592]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2007-07-30 14168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

In relation to the question on antivirus software: I did have Kaspersky Internet Security to install, but for some reason it keeps failing to load with internal error 2753. dtvns32.exe_X86. I guess I will need to contact their support team.

Thanks again for your help. I may be in contact once again, as I have been told my friend's daughter's machine is also acting up.

Cheers, Martin
Ironbender
Martin,

You posted the previous log instead of a fresh one (both have the same date stamp).

* Run by Raymond at 2009-10-29 16:00:56
**Run by Raymond at 2009-10-29 16:00:56

I need to know if the changes were made, so, please run RSIT again and post the log generated in your notepad, not the one which is on your hard disk.

Chris
Supersons
Hi,

Apologies, not sure what happened. New log from today:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-10-30 14:23:00
Microsoft® Windows Vista™ Home Premium
System drive C: has 75 GB (67%) free of 112 GB
Total RAM: 1789 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:05, on 30/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Users\Raymond\Desktop\RSIT.exe
C:\Program Files\trend micro\Raymond.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4388 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C25BFBB5-4782-4847-9F3A-DECB79132F96}.job
C:\Windows\tasks\User_Feed_Synchronization-{DF54B24B-C0BB-42D4-BB14-F5A7509F6C65}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-07-03 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-02 1232896]
"EPSON Stylus DX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-09-10 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0faccacd-0072-11dd-b801-806e6f6e6963}]
shell\AutoRun\command - F:\KIS2010_UK.EXE


======List of files/folders created in the last 1 months======

2009-10-29 15:51:13 ----D---- C:\Avenger
2009-10-29 15:51:13 ----A---- C:\avenger.txt
2009-10-29 15:09:20 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-29 15:09:20 ----A---- C:\Windows\system32\infocardapi.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\icardres.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\icardagt.exe
2009-10-29 15:09:17 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-10-29 15:09:15 ----A---- C:\Windows\system32\PresentationHost.exe
2009-10-29 14:57:30 ----A---- C:\Windows\system32\dfshim.dll
2009-10-29 14:57:27 ----A---- C:\Windows\system32\mscoree.dll
2009-10-29 14:57:26 ----A---- C:\Windows\system32\netfxperf.dll
2009-10-29 14:57:17 ----A---- C:\Windows\system32\mscorier.dll
2009-10-29 14:57:15 ----A---- C:\Windows\system32\mscories.dll
2009-10-28 22:38:43 ----D---- C:\$AVG
2009-10-28 21:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 15:00:41 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:00:35 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:00:33 ----A---- C:\Windows\system32\spwmp.dll
2009-10-28 15:00:33 ----A---- C:\Windows\system32\dxmasf.dll
2009-10-28 15:00:30 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-28 14:49:22 ----D---- C:\rsit
2009-10-27 18:26:39 ----D---- C:\Users\Raymond\AppData\Roaming\Malwarebytes
2009-10-27 18:26:33 ----D---- C:\ProgramData\Malwarebytes
2009-10-27 16:02:33 ----D---- C:\Program Files\AVG
2009-10-27 16:02:31 ----D---- C:\ProgramData\avg9
2009-10-27 14:31:47 ----A---- C:\Windows\system32\tzres.dll
2009-10-27 13:45:41 ----D---- C:\95be18987da4a954169f24fd5db0
2009-10-27 13:42:46 ----D---- C:\Program Files\Trend Micro
2009-10-26 22:16:48 ----D---- C:\Windows\Minidump
2009-10-26 21:01:36 ----A---- C:\Windows\system32\msdtcprx.dll
2009-10-26 21:01:35 ----A---- C:\Windows\system32\xolehlp.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-10-26 21:01:23 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansec.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanhlp.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-26 21:01:02 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\netiougc.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\finger.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ARP.EXE
2009-10-26 21:01:00 ----A---- C:\Windows\system32\netevent.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\t2embed.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\fontsub.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\atmfd.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\lpk.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\dciman32.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\atmlib.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\wdigest.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-26 20:59:49 ----A---- C:\Windows\system32\secur32.dll
2009-10-26 20:59:49 ----A---- C:\Windows\system32\lsass.exe
2009-10-26 20:59:42 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-26 20:59:42 ----A---- C:\Windows\system32\mf.dll
2009-10-26 20:59:41 ----A---- C:\Windows\system32\rrinstaller.exe
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mfps.dll
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mfpmp.exe
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mferror.dll
2009-10-26 20:59:36 ----A---- C:\Windows\system32\winhttp.dll
2009-10-26 20:59:25 ----A---- C:\Windows\system32\mshtml.dll
2009-10-26 20:59:24 ----A---- C:\Windows\system32\wininet.dll
2009-10-26 20:59:24 ----A---- C:\Windows\system32\ieframe.dll
2009-10-26 20:59:23 ----A---- C:\Windows\system32\urlmon.dll
2009-10-26 20:59:22 ----A---- C:\Windows\system32\mstime.dll
2009-10-26 20:59:22 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-26 20:59:21 ----A---- C:\Windows\system32\iertutil.dll
2009-10-26 20:59:21 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-26 20:59:20 ----A---- C:\Windows\system32\mshtmled.dll
2009-10-26 20:59:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-26 20:59:20 ----A---- C:\Windows\system32\icardie.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\pngfilt.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\occache.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\iernonce.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\ieaksie.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\dxtrans.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\dxtmsft.dll
2009-10-26 20:59:19 ----A---- C:\Windows\system32\advpack.dll
2009-10-26 20:59:18 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-26 20:59:18 ----A---- C:\Windows\system32\ieui.dll
2009-10-26 20:59:18 ----A---- C:\Windows\system32\iesetup.dll
2009-10-26 20:59:18 ----A---- C:\Windows\system32\ieencode.dll
2009-10-26 20:59:18 ----A---- C:\Windows\system32\admparse.dll
2009-10-26 20:59:17 ----A---- C:\Windows\system32\mshtmler.dll
2009-10-26 20:59:17 ----A---- C:\Windows\system32\ieakui.dll
2009-10-26 20:59:07 ----A---- C:\Windows\system32\atl.dll
2009-10-26 20:59:02 ----A---- C:\Windows\system32\gdi32.dll
2009-10-26 20:58:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-26 20:58:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-26 20:58:38 ----A---- C:\Windows\system32\wkssvc.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\tsgqec.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\mstscax.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\aaclient.dll
2009-10-26 20:58:26 ----A---- C:\Windows\system32\msxml3r.dll
2009-10-26 20:58:26 ----A---- C:\Windows\system32\msxml3.dll
2009-10-26 20:58:22 ----A---- C:\Windows\system32\netapi32.dll
2009-10-26 20:58:04 ----A---- C:\Windows\system32\EncDec.dll
2009-10-26 20:58:02 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-26 20:58:01 ----A---- C:\Windows\system32\mcmde.dll
2009-10-26 20:57:44 ----A---- C:\Windows\system32\shell32.dll
2009-10-26 20:57:24 ----A---- C:\Windows\system32\localspl.dll
2009-10-26 20:57:17 ----A---- C:\Windows\system32\avifil32.dll
2009-10-26 20:57:17 ----A---- C:\Windows\system32\avicap32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msvidc32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msvfw32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msrle32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\mciavi32.dll
2009-10-26 20:57:11 ----A---- C:\Windows\explorer.exe
2009-10-26 20:57:03 ----A---- C:\Windows\system32\rpcss.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\sdohlp.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-10-26 20:57:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\iasrecst.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\iasdatastore.dll
2009-10-26 20:57:00 ----A---- C:\Windows\system32\iasads.dll
2009-10-26 20:56:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-10-26 20:56:53 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-10-26 20:56:52 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-10-26 20:56:45 ----A---- C:\Windows\system32\kernel32.dll
2009-10-26 20:56:44 ----A---- C:\Windows\system32\apilogen.dll
2009-10-26 20:56:44 ----A---- C:\Windows\system32\amxread.dll
2009-10-26 20:56:39 ----A---- C:\Windows\system32\jscript.dll
2009-10-26 20:56:21 ----A---- C:\Windows\system32\wmpdxm.dll
2009-10-26 20:56:07 ----A---- C:\Windows\system32\schannel.dll
2009-10-26 20:55:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-26 20:55:54 ----A---- C:\Windows\system32\gameux.dll
2009-10-26 20:55:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-26 20:55:44 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-10-26 20:55:43 ----A---- C:\Windows\system32\logagent.exe
2009-10-26 20:55:36 ----A---- C:\Windows\system32\msasn1.dll
2009-10-26 20:55:30 ----A---- C:\Windows\system32\connect.dll
2009-10-26 20:55:26 ----A---- C:\Windows\system32\rpcrt4.dll
2009-10-26 20:39:57 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-26 20:38:49 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wups2.dll
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wucltux.dll
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-26 20:23:14 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wups.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wudriver.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wuapi.dll
2009-10-26 20:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-26 20:22:14 ----A---- C:\Windows\system32\wuapp.exe
2009-10-26 18:51:54 ----D---- C:\Users\Raymond\AppData\Roaming\SUPERAntiSpyware.com
2009-10-26 18:51:54 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-10-26 17:38:43 ----A---- C:\Windows\system32\VoucherLog.txt
2009-10-26 17:38:32 ----A---- C:\Windows\system32\VchReg.dll
2009-10-26 17:38:31 ----D---- C:\Program Files\SpywareDetector
2009-10-26 17:38:31 ----A---- C:\Windows\system32\msvcr71.dll
2009-10-26 17:38:31 ----A---- C:\Windows\system32\msvcp71.dll
2009-10-26 17:38:31 ----A---- C:\Windows\system32\MFC71.dll
2009-10-26 17:34:50 ----AD---- C:\ProgramData\TEMP
2009-10-24 21:46:53 ----D---- C:\Program Files\Panda Security
2009-10-24 21:40:53 ----D---- C:\Windows\BDOSCAN8
2009-10-24 20:45:10 ----D---- C:\Windows\pss
2009-10-24 20:39:45 ----D---- C:\Program Files\CCleaner
2009-10-24 20:31:39 ----A---- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
2009-10-20 16:04:42 ----D---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 months======

2009-10-30 14:23:03 ----D---- C:\Windows\Temp
2009-10-29 23:37:36 ----SHD---- C:\Windows\Installer
2009-10-29 23:36:30 ----D---- C:\System Volume Information
2009-10-29 23:30:54 ----D---- C:\Windows\Microsoft.NET
2009-10-29 23:30:50 ----RSD---- C:\Windows\assembly
2009-10-29 16:13:18 ----D---- C:\Windows\winsxs
2009-10-29 16:12:57 ----D---- C:\Windows\system32\catroot
2009-10-29 16:07:46 ----D---- C:\Windows\rescache
2009-10-29 15:51:13 ----RD---- C:\Program Files
2009-10-29 15:51:13 ----D---- C:\Windows\system32\drivers
2009-10-29 15:47:36 ----D---- C:\Windows
2009-10-29 15:45:07 ----D---- C:\Windows\System32
2009-10-29 15:45:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-29 15:45:06 ----D---- C:\Windows\inf
2009-10-29 15:37:14 ----D---- C:\Windows\system32\XPSViewer
2009-10-29 15:37:14 ----D---- C:\Windows\system32\wbem
2009-10-29 15:37:14 ----D---- C:\Windows\system32\en-US
2009-10-29 15:28:46 ----D---- C:\Windows\Prefetch
2009-10-29 15:24:34 ----SD---- C:\Windows\Downloaded Program Files
2009-10-29 15:19:38 ----D---- C:\ProgramData\Microsoft Help
2009-10-29 15:14:42 ----D---- C:\Windows\system32\Tasks
2009-10-29 15:13:59 ----D---- C:\Windows\system32\catroot2
2009-10-29 15:10:57 ----SHD---- C:\$Recycle.Bin
2009-10-29 15:10:09 ----RD---- C:\Users
2009-10-29 14:56:53 ----D---- C:\Program Files\Windows Media Player
2009-10-28 22:53:06 ----HD---- C:\ProgramData
2009-10-28 22:52:32 ----SD---- C:\Users\Raymond\AppData\Roaming\Microsoft
2009-10-28 22:35:01 ----D---- C:\Windows\system32\config
2009-10-28 22:34:47 ----D---- C:\Windows\Tasks
2009-10-28 22:34:47 ----D---- C:\Windows\system32\spool
2009-10-28 22:34:45 ----D---- C:\Windows\registration
2009-10-28 19:17:31 ----D---- C:\Program Files\Common Files
2009-10-27 18:43:11 ----SD---- C:\ProgramData\Microsoft
2009-10-27 18:17:30 ----A---- C:\Windows\DUMP56c6.tmp
2009-10-27 17:57:22 ----A---- C:\Windows\DUMP5aeb.tmp
2009-10-27 17:49:14 ----A---- C:\Windows\DUMP5bd5.tmp
2009-10-27 17:40:59 ----A---- C:\Windows\DUMP64e9.tmp
2009-10-27 17:09:48 ----A---- C:\Windows\DUMP66dc.tmp
2009-10-27 15:40:57 ----D---- C:\Windows\Debug
2009-10-27 15:35:34 ----A---- C:\Windows\DUMP89a8.tmp
2009-10-27 15:24:07 ----A---- C:\Windows\DUMP38da.tmp
2009-10-27 15:15:44 ----A---- C:\Windows\DUMP8c28.tmp
2009-10-27 15:07:26 ----A---- C:\Windows\DUMPa89d.tmp
2009-10-27 14:59:47 ----ASH---- C:\Program Files\desktop.ini
2009-10-27 14:55:39 ----D---- C:\Windows\system32\migration
2009-10-27 14:55:37 ----D---- C:\Program Files\Internet Explorer
2009-10-27 14:55:36 ----D---- C:\Windows\AppPatch
2009-10-27 14:55:34 ----D---- C:\Program Files\Windows Mail
2009-10-27 14:55:33 ----D---- C:\Windows\ehome
2009-10-27 14:55:30 ----D---- C:\Windows\system32\manifeststore
2009-10-27 14:06:13 ----A---- C:\Windows\DUMP4d73.tmp
2009-10-27 13:54:20 ----A---- C:\Windows\DUMP4662.tmp
2009-10-27 13:47:27 ----A---- C:\Windows\DUMP5179.tmp
2009-10-27 13:36:23 ----A---- C:\Windows\DUMP4eab.tmp
2009-10-26 17:39:15 ----D---- C:\Windows\system
2009-10-26 17:35:17 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 20:32:06 ----D---- C:\Program Files\TalkTalk
2009-10-23 11:06:01 ----D---- C:\Program Files\Kontiki
2009-10-23 11:05:59 ----D---- C:\ProgramData\Kontiki
2009-10-23 10:54:44 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 10:54:44 ----D---- C:\Windows\SchCache
2009-10-23 10:54:22 ----D---- C:\Windows\Globalization
2009-10-20 15:24:48 ----D---- C:\ProgramData\Kaspersky Lab
2009-10-20 15:24:47 ----D---- C:\Program Files\Kaspersky Lab
2009-10-02 11:01:58 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-03 280592]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2007-07-30 14168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


FYI - looks like the error with Kaspersky is related to Windows Installer. Trying to sort that now.

Cheers, Martin
Ironbender
Nope! No changes were made. The registry was not cleaned.

This is why you can't reinstall Kaspersky (its previous registry entries are still there, as well as the AVG ones).

Did you run CCleaner and clean your registry as asked in my previous post?

- Create a fresh system restore point.
- Start CCleaner;
- Click the Registry icon at left;
- Make sure that all checkboxes are checked;
- Click the Scan for Issues button;
- Select (checkmark) all problems found and click the Fix selected Issues button at right;
- Click Yes on the "Do you want to backup changes to the registry" window;
- Save the registry backup file;
- Click Fix All Issues (you may need to confirm, please do so);
- Close CCleaner and restart your system.

the useless keys must have gone after that. confused.gif

Did you run it "As Administrator" ?
Did you get any error during this process ?

Chris
Supersons
Hi,

Yes, did as advised and got no error. I managed to sort Kaspersky. Found a removal tool and have got it up and running. It found three issues that it has fixed. Just ran CCleaner once more and it picked up some other entries which I fixed.

I reran RSIT and the latest log is below:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-10-30 17:52:32
Microsoft® Windows Vista™ Home Premium
System drive C: has 75 GB (67%) free of 112 GB
Total RAM: 1789 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:36, on 30/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Users\Raymond\Desktop\RSIT.exe
C:\Program Files\trend micro\Raymond.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SC467.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5138 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{C25BFBB5-4782-4847-9F3A-DECB79132F96}.job
C:\Windows\tasks\User_Feed_Synchronization-{DF54B24B-C0BB-42D4-BB14-F5A7509F6C65}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-08-13 364544]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-02 1232896]
"EPSON Stylus DX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\Users\Raymond\AppData\Local\Temp\02025kou.dll,DllMain []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]
C:\Users\Raymond\AppData\Local\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2007-09-10 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-22 734872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0faccacd-0072-11dd-b801-806e6f6e6963}]
shell\AutoRun\command - F:\KIS2010_UK.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-30 16:19:13 ----D---- C:\Program Files\Kaspersky Lab
2009-10-30 15:57:25 ----A---- C:\Windows\system32\occache.dll
2009-10-30 15:57:25 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-30 15:57:25 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-30 15:57:25 ----A---- C:\Windows\system32\iepeers.dll
2009-10-30 15:57:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-30 15:57:24 ----A---- C:\Windows\system32\ieui.dll
2009-10-30 15:57:24 ----A---- C:\Windows\system32\iesetup.dll
2009-10-30 15:57:23 ----A---- C:\Windows\system32\wininet.dll
2009-10-30 15:57:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-30 15:57:23 ----A---- C:\Windows\system32\iernonce.dll
2009-10-30 15:57:23 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-30 15:57:22 ----A---- C:\Windows\system32\urlmon.dll
2009-10-30 15:57:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-30 15:57:22 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-30 15:57:22 ----A---- C:\Windows\system32\iertutil.dll
2009-10-30 15:57:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-30 15:57:21 ----A---- C:\Windows\system32\ieframe.dll
2009-10-30 15:57:20 ----A---- C:\Windows\system32\mshtml.dll
2009-10-30 15:55:34 ----A---- C:\Windows\system32\mshtmled.dll
2009-10-30 15:55:34 ----A---- C:\Windows\system32\icardie.dll
2009-10-30 15:55:33 ----A---- C:\Windows\system32\msls31.dll
2009-10-30 15:55:33 ----A---- C:\Windows\system32\mshtmler.dll
2009-10-30 15:55:33 ----A---- C:\Windows\system32\ieakeng.dll
2009-10-30 15:55:33 ----A---- C:\Windows\system32\corpol.dll
2009-10-30 15:55:33 ----A---- C:\Windows\system32\admparse.dll
2009-10-30 15:55:32 ----A---- C:\Windows\system32\licmgr10.dll
2009-10-30 15:55:32 ----A---- C:\Windows\system32\inseng.dll
2009-10-30 15:55:32 ----A---- C:\Windows\system32\imgutil.dll
2009-10-30 15:55:32 ----A---- C:\Windows\system32\dxtrans.dll
2009-10-30 15:55:32 ----A---- C:\Windows\system32\dxtmsft.dll
2009-10-30 15:55:31 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-10-30 15:55:31 ----A---- C:\Windows\system32\wextract.exe
2009-10-30 15:55:31 ----A---- C:\Windows\system32\webcheck.dll
2009-10-30 15:55:31 ----A---- C:\Windows\system32\mstime.dll
2009-10-30 15:55:31 ----A---- C:\Windows\system32\msrating.dll
2009-10-30 15:55:31 ----A---- C:\Windows\system32\ieakui.dll
2009-10-30 15:55:31 ----A---- C:\Windows\system32\ieaksie.dll
2009-10-30 15:55:30 ----A---- C:\Windows\system32\vbscript.dll
2009-10-30 15:55:30 ----A---- C:\Windows\system32\pngfilt.dll
2009-10-30 15:55:30 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-30 15:55:30 ----A---- C:\Windows\system32\advpack.dll
2009-10-30 15:55:29 ----A---- C:\Windows\system32\url.dll
2009-10-30 15:55:29 ----A---- C:\Windows\system32\jscript.dll
2009-10-30 15:55:28 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-10-30 15:55:28 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-10-30 15:55:28 ----A---- C:\Windows\system32\PDMSetup.exe
2009-10-30 15:55:28 ----A---- C:\Windows\system32\mshta.exe
2009-10-30 15:55:28 ----A---- C:\Windows\system32\iexpress.exe
2009-10-30 14:39:23 ----A---- C:\Windows\system32\kerberos.dll
2009-10-30 14:39:22 ----A---- C:\Windows\system32\schannel.dll
2009-10-29 15:51:13 ----D---- C:\Avenger
2009-10-29 15:51:13 ----A---- C:\avenger.txt
2009-10-29 15:09:20 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-29 15:09:20 ----A---- C:\Windows\system32\infocardapi.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\icardres.dll
2009-10-29 15:09:19 ----A---- C:\Windows\system32\icardagt.exe
2009-10-29 15:09:17 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-10-29 15:09:15 ----A---- C:\Windows\system32\PresentationHost.exe
2009-10-29 14:57:30 ----A---- C:\Windows\system32\dfshim.dll
2009-10-29 14:57:27 ----A---- C:\Windows\system32\mscoree.dll
2009-10-29 14:57:26 ----A---- C:\Windows\system32\netfxperf.dll
2009-10-29 14:57:17 ----A---- C:\Windows\system32\mscorier.dll
2009-10-29 14:57:15 ----A---- C:\Windows\system32\mscories.dll
2009-10-28 22:38:43 ----D---- C:\$AVG
2009-10-28 21:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 15:00:41 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:00:35 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:00:33 ----A---- C:\Windows\system32\spwmp.dll
2009-10-28 15:00:33 ----A---- C:\Windows\system32\dxmasf.dll
2009-10-28 15:00:30 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-28 14:49:22 ----D---- C:\rsit
2009-10-27 18:26:39 ----D---- C:\Users\Raymond\AppData\Roaming\Malwarebytes
2009-10-27 18:26:33 ----D---- C:\ProgramData\Malwarebytes
2009-10-27 16:02:33 ----D---- C:\Program Files\AVG
2009-10-27 16:02:31 ----D---- C:\ProgramData\avg9
2009-10-27 14:31:47 ----A---- C:\Windows\system32\tzres.dll
2009-10-27 13:45:41 ----D---- C:\95be18987da4a954169f24fd5db0
2009-10-27 13:42:46 ----D---- C:\Program Files\Trend Micro
2009-10-26 22:16:48 ----D---- C:\Windows\Minidump
2009-10-26 21:01:36 ----A---- C:\Windows\system32\msdtcprx.dll
2009-10-26 21:01:35 ----A---- C:\Windows\system32\xolehlp.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-10-26 21:01:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-10-26 21:01:23 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlansec.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanhlp.dll
2009-10-26 21:01:22 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-26 21:01:02 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\netiougc.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-26 21:01:01 ----A---- C:\Windows\system32\finger.exe
2009-10-26 21:01:01 ----A---- C:\Windows\system32\ARP.EXE
2009-10-26 21:01:00 ----A---- C:\Windows\system32\netevent.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\t2embed.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\fontsub.dll
2009-10-26 20:59:58 ----A---- C:\Windows\system32\atmfd.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\lpk.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\dciman32.dll
2009-10-26 20:59:57 ----A---- C:\Windows\system32\atmlib.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\wdigest.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-26 20:59:50 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-26 20:59:49 ----A---- C:\Windows\system32\secur32.dll
2009-10-26 20:59:49 ----A---- C:\Windows\system32\lsass.exe
2009-10-26 20:59:42 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-26 20:59:42 ----A---- C:\Windows\system32\mf.dll
2009-10-26 20:59:41 ----A---- C:\Windows\system32\rrinstaller.exe
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mfps.dll
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mfpmp.exe
2009-10-26 20:59:41 ----A---- C:\Windows\system32\mferror.dll
2009-10-26 20:59:36 ----A---- C:\Windows\system32\winhttp.dll
2009-10-26 20:59:07 ----A---- C:\Windows\system32\atl.dll
2009-10-26 20:59:02 ----A---- C:\Windows\system32\gdi32.dll
2009-10-26 20:58:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-26 20:58:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-26 20:58:38 ----A---- C:\Windows\system32\wkssvc.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\tsgqec.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\mstscax.dll
2009-10-26 20:58:31 ----A---- C:\Windows\system32\aaclient.dll
2009-10-26 20:58:26 ----A---- C:\Windows\system32\msxml3r.dll
2009-10-26 20:58:26 ----A---- C:\Windows\system32\msxml3.dll
2009-10-26 20:58:22 ----A---- C:\Windows\system32\netapi32.dll
2009-10-26 20:58:04 ----A---- C:\Windows\system32\EncDec.dll
2009-10-26 20:58:02 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-26 20:58:01 ----A---- C:\Windows\system32\mcmde.dll
2009-10-26 20:57:44 ----A---- C:\Windows\system32\shell32.dll
2009-10-26 20:57:24 ----A---- C:\Windows\system32\localspl.dll
2009-10-26 20:57:17 ----A---- C:\Windows\system32\avifil32.dll
2009-10-26 20:57:17 ----A---- C:\Windows\system32\avicap32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msvidc32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msvfw32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\msrle32.dll
2009-10-26 20:57:16 ----A---- C:\Windows\system32\mciavi32.dll
2009-10-26 20:57:11 ----A---- C:\Windows\explorer.exe
2009-10-26 20:57:03 ----A---- C:\Windows\system32\rpcss.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\sdohlp.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-10-26 20:57:01 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\iasrecst.dll
2009-10-26 20:57:01 ----A---- C:\Windows\system32\iasdatastore.dll
2009-10-26 20:57:00 ----A---- C:\Windows\system32\iasads.dll
2009-10-26 20:56:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-10-26 20:56:53 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-10-26 20:56:52 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-10-26 20:56:45 ----A---- C:\Windows\system32\kernel32.dll
2009-10-26 20:56:44 ----A---- C:\Windows\system32\apilogen.dll
2009-10-26 20:56:44 ----A---- C:\Windows\system32\amxread.dll
2009-10-26 20:56:21 ----A---- C:\Windows\system32\wmpdxm.dll
2009-10-26 20:55:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-26 20:55:54 ----A---- C:\Windows\system32\gameux.dll
2009-10-26 20:55:53 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-26 20:55:44 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-10-26 20:55:43 ----A---- C:\Windows\system32\logagent.exe
2009-10-26 20:55:36 ----A---- C:\Windows\system32\msasn1.dll
2009-10-26 20:55:30 ----A---- C:\Windows\system32\connect.dll
2009-10-26 20:55:26 ----A---- C:\Windows\system32\rpcrt4.dll
2009-10-26 20:39:57 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-26 20:38:49 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wups2.dll
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wucltux.dll
2009-10-26 20:23:15 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-26 20:23:14 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wups.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wudriver.dll
2009-10-26 20:22:37 ----A---- C:\Windows\system32\wuapi.dll
2009-10-26 20:22:14 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-26 20:22:14 ----A---- C:\Windows\system32\wuapp.exe
2009-10-26 18:51:54 ----D---- C:\Users\Raymond\AppData\Roaming\SUPERAntiSpyware.com
2009-10-26 18:51:54 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-10-26 17:38:43 ----A---- C:\Windows\system32\VoucherLog.txt
2009-10-26 17:38:32 ----A---- C:\Windows\system32\VchReg.dll
2009-10-26 17:38:31 ----D---- C:\Program Files\SpywareDetector
2009-10-26 17:38:31 ----A---- C:\Windows\system32\msvcr71.dll
2009-10-26 17:38:31 ----A---- C:\Windows\system32\msvcp71.dll
2009-10-26 17:38:31 ----A---- C:\Windows\system32\MFC71.dll
2009-10-26 17:34:50 ----AD---- C:\ProgramData\TEMP
2009-10-24 21:46:53 ----D---- C:\Program Files\Panda Security
2009-10-24 21:40:53 ----D---- C:\Windows\BDOSCAN8
2009-10-24 20:45:10 ----D---- C:\Windows\pss
2009-10-24 20:39:45 ----D---- C:\Program Files\CCleaner
2009-10-24 20:31:39 ----A---- C:\Windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
2009-10-20 20:34:56 ----A---- C:\Windows\system32\klogon.dll
2009-10-20 16:04:42 ----D---- C:\Program Files\VS Revo Group

======List of files/folders modified in the last 1 months======

2009-10-30 17:52:36 ----D---- C:\Windows\Prefetch
2009-10-30 17:52:35 ----D---- C:\Windows\Temp
2009-10-30 17:40:18 ----D---- C:\ProgramData\Kaspersky Lab
2009-10-30 17:27:30 ----HD---- C:\Windows\system32\GroupPolicy
2009-10-30 17:27:30 ----HD---- C:\ProgramData
2009-10-30 17:24:24 ----D---- C:\Windows\rescache
2009-10-30 16:51:52 ----D---- C:\System Volume Information
2009-10-30 16:44:59 ----D---- C:\Windows\Microsoft.NET
2009-10-30 16:29:31 ----D---- C:\Windows
2009-10-30 16:21:24 ----SHD---- C:\Windows\Installer
2009-10-30 16:21:07 ----D---- C:\Windows\system32\drivers
2009-10-30 16:20:46 ----D---- C:\Windows\system32\catroot
2009-10-30 16:20:45 ----D---- C:\Windows\inf
2009-10-30 16:19:56 ----D---- C:\Windows\System32
2009-10-30 16:19:13 ----RD---- C:\Program Files
2009-10-30 16:17:13 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-10-30 15:59:09 ----D---- C:\Windows\system32\migration
2009-10-30 15:59:09 ----D---- C:\Program Files\Internet Explorer
2009-10-30 15:59:07 ----D---- C:\Windows\system32\en-US
2009-10-30 15:59:07 ----D---- C:\Windows\PolicyDefinitions
2009-10-30 15:58:18 ----D---- C:\Windows\winsxs
2009-10-30 15:57:43 ----D---- C:\Windows\system32\catroot2
2009-10-30 14:52:30 ----RSD---- C:\Windows\assembly
2009-10-30 14:50:57 ----D---- C:\ProgramData\Microsoft Help
2009-10-30 14:46:56 ----RSD---- C:\Windows\Fonts
2009-10-30 14:46:53 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-30 14:46:42 ----D---- C:\Program Files\Microsoft Works
2009-10-30 14:45:10 ----A---- C:\Windows\win.ini
2009-10-30 14:45:09 ----D---- C:\Program Files\Common Files\System
2009-10-29 15:45:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-29 15:37:14 ----D---- C:\Windows\system32\XPSViewer
2009-10-29 15:37:14 ----D---- C:\Windows\system32\wbem
2009-10-29 15:24:34 ----SD---- C:\Windows\Downloaded Program Files
2009-10-29 15:14:42 ----D---- C:\Windows\system32\Tasks
2009-10-29 15:10:57 ----SHD---- C:\$Recycle.Bin
2009-10-29 15:10:09 ----RD---- C:\Users
2009-10-29 14:56:53 ----D---- C:\Program Files\Windows Media Player
2009-10-28 22:52:32 ----SD---- C:\Users\Raymond\AppData\Roaming\Microsoft
2009-10-28 22:35:01 ----D---- C:\Windows\system32\config
2009-10-28 22:34:47 ----D---- C:\Windows\Tasks
2009-10-28 22:34:47 ----D---- C:\Windows\system32\spool
2009-10-28 22:34:45 ----D---- C:\Windows\registration
2009-10-28 19:17:31 ----D---- C:\Program Files\Common Files
2009-10-27 18:43:11 ----SD---- C:\ProgramData\Microsoft
2009-10-27 18:17:30 ----A---- C:\Windows\DUMP56c6.tmp
2009-10-27 17:57:22 ----A---- C:\Windows\DUMP5aeb.tmp
2009-10-27 17:49:14 ----A---- C:\Windows\DUMP5bd5.tmp
2009-10-27 17:40:59 ----A---- C:\Windows\DUMP64e9.tmp
2009-10-27 17:09:48 ----A---- C:\Windows\DUMP66dc.tmp
2009-10-27 15:40:57 ----D---- C:\Windows\Debug
2009-10-27 15:35:34 ----A---- C:\Windows\DUMP89a8.tmp
2009-10-27 15:24:07 ----A---- C:\Windows\DUMP38da.tmp
2009-10-27 15:15:44 ----A---- C:\Windows\DUMP8c28.tmp
2009-10-27 15:07:26 ----A---- C:\Windows\DUMPa89d.tmp
2009-10-27 14:59:47 ----ASH---- C:\Program Files\desktop.ini
2009-10-27 14:55:36 ----D---- C:\Windows\AppPatch
2009-10-27 14:55:34 ----D---- C:\Program Files\Windows Mail
2009-10-27 14:55:33 ----D---- C:\Windows\ehome
2009-10-27 14:55:30 ----D---- C:\Windows\system32\manifeststore
2009-10-27 14:06:13 ----A---- C:\Windows\DUMP4d73.tmp
2009-10-27 13:54:20 ----A---- C:\Windows\DUMP4662.tmp
2009-10-27 13:47:27 ----A---- C:\Windows\DUMP5179.tmp
2009-10-27 13:36:23 ----A---- C:\Windows\DUMP4eab.tmp
2009-10-26 17:39:15 ----D---- C:\Windows\system
2009-10-24 20:32:06 ----D---- C:\Program Files\TalkTalk
2009-10-23 11:06:01 ----D---- C:\Program Files\Kontiki
2009-10-23 11:05:59 ----D---- C:\ProgramData\Kontiki
2009-10-23 10:54:44 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 10:54:44 ----D---- C:\Windows\SchCache
2009-10-23 10:54:22 ----D---- C:\Windows\Globalization
2009-10-02 11:01:58 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-10-30 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2007-07-30 14168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 737280]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
S1 SASDIFSV;SASDIFSV; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SASENUM;SASENUM; \??\C:\Users\Raymond\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

PS - the system seems to be stable now

Thanks, Martin
Ironbender
You are welcome, glad we could help.

Well, not all useless entries were deleted, but seems to be better now. Please check if mbam returns a clean log. If so, you are good to go.

Chris
Supersons
Hi,

All clear when I run mbam.

Thanks again

Martin
Ironbender
This topic has been closed as the problem has been resolved. If there is a need to reopen this topic, please send a PM to a Moderator.

Chris