
[InActive] Friend's Vista PC's log files

Discussion in 'Malware and Virus Removal Archive' started by Admin., 2008/10/08.

  1. 2008/10/08, Admin. (Administrator, Staff, Thread Starter)
    OK, this is from a friend of mine. His ISP told him that his system was sending spam email. Then it apparently stopped? Don't think I want to believe them, but anyway, can you check & see if there's anything wrong?

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Max at 2008-10-08 15:19:48
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 99 GB (67%) free of 148 GB
    Total RAM: 3069 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19:53, on 08/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\PLFSetI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Users\Max\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Max\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Max.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: connect - Shortcut.lnk = C:\connect.bat
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Liant RMUC Service (RMUCService) - Liant Software Corporation - C:\rmcobol\rmucs.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    --
    End of file - 11860 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
    "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-03-12 397312]
    "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
    "eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
    "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-02-26 34040]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-03-07 13527584]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-03-07 92704]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]
    "ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-05-23 3642368]
    "PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-03-13 805384]
    "eRecoveryService"= []
    "ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-03-06 147456]
    "WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
    "CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-03-06 167936]
    "PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
    "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    connect - Shortcut.lnk - C:\connect.bat

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
    C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-05-23 3024384]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\Program Files\Acer\Acer Bio Protection\PwdFilter

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc1206e-5e2d-11dd-88df-00a0d1a6b5b5}]
    shell\AutoRun\command - winPenPack.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a11abe4-951c-11dd-ad72-00a0d1a6b5b5}]
    shell\AutoRun\command - E:\ttxp.exe


    ======List of files/folders created in the last 3 months======

    2008-10-08 14:17:13 ----A---- C:\Windows\system32\aswBoot.exe
    2008-10-08 14:17:12 ----D---- C:\Program Files\Alwil Software
    2008-10-08 13:11:15 ----D---- C:\Program Files\Panda Security
    2008-10-08 12:53:06 ----D---- C:\rsit
    2008-10-08 12:52:38 ----D---- C:\Program Files\Trend Micro
    2008-10-07 15:22:00 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-10-07 15:21:59 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2008-10-07 15:04:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2008-10-07 15:04:49 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-10-07 14:58:11 ----D---- C:\Program Files\Free Antispam Scanner
    2008-09-28 15:04:27 ----A---- C:\Windows\PhotoSnapViewer.INI
    2008-09-28 10:44:08 ----D---- C:\Users\Max\AppData\Roaming\vlc
    2008-09-28 10:42:54 ----D---- C:\ProgramData\DreamboxManagerSuite
    2008-09-19 13:38:30 ----D---- C:\Program Files\Microsoft IntelliPoint
    2008-09-18 08:15:24 ----A---- C:\Windows\system32\wups2.dll
    2008-09-18 08:15:24 ----A---- C:\Windows\system32\wucltux.dll
    2008-09-18 08:15:24 ----A---- C:\Windows\system32\wuaueng.dll
    2008-09-18 08:15:24 ----A---- C:\Windows\system32\wuauclt.exe
    2008-09-18 08:15:14 ----A---- C:\Windows\system32\wups.dll
    2008-09-18 08:15:14 ----A---- C:\Windows\system32\wudriver.dll
    2008-09-18 08:15:14 ----A---- C:\Windows\system32\wuapi.dll
    2008-09-18 08:15:07 ----A---- C:\Windows\system32\wuwebv.dll
    2008-09-18 08:15:07 ----A---- C:\Windows\system32\wuapp.exe
    2008-09-15 08:38:51 ----D---- C:\ProgramData\FLEXnet
    2008-09-15 08:34:48 ----D---- C:\Program Files\Bonjour
    2008-09-15 08:30:44 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2008-09-10 10:02:13 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-10 10:02:12 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-10 10:01:23 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-10 10:01:21 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-09-10 10:01:21 ----A---- C:\Windows\system32\dataclen.dll
    2008-09-10 10:01:21 ----A---- C:\Windows\system32\cdd.dll
    2008-09-05 10:12:30 ----D---- C:\Program Files\PC Connectivity Solution
    2008-08-31 19:02:21 ----D---- C:\Windows\Minidump
    2008-08-31 16:08:16 ----D---- C:\Users\Max\AppData\Roaming\skypePM
    2008-08-31 16:06:20 ----D---- C:\Users\Max\AppData\Roaming\Skype
    2008-08-31 16:06:06 ----D---- C:\Program Files\Skype
    2008-08-31 16:06:06 ----D---- C:\Program Files\Common Files\Skype
    2008-08-31 16:06:03 ----D---- C:\ProgramData\Skype
    2008-08-27 13:05:17 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-08-27 13:05:17 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-08-27 13:05:16 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-08-27 13:05:16 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-08-27 13:05:16 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-08-27 13:05:16 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-08-27 13:05:15 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-08-27 13:05:15 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-08-27 13:05:15 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-08-27 13:05:15 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-08-27 13:05:14 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-08-27 13:05:14 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-08-27 13:05:14 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-08-27 13:04:36 ----HD---- C:\Windows\msdownld.tmp
    2008-08-27 13:04:31 ----D---- C:\Windows\system32\directx
    2008-08-27 12:58:35 ----A---- C:\Windows\NeroDigital.ini
    2008-08-25 12:28:00 ----A---- C:\Windows\system32\hpxp3770.dll
    2008-08-25 12:28:00 ----A---- C:\Windows\system32\hpgt3770.dll
    2008-08-25 12:28:00 ----A---- C:\Windows\system32\hp3770co.dll
    2008-08-21 16:46:06 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-08-20 15:54:29 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-08-20 15:54:29 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-08-20 15:54:29 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-08-20 15:54:29 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-08-20 15:54:28 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-08-20 14:41:48 ----D---- C:\ProgramData\Funcom
    2008-08-17 10:45:41 ----D---- C:\Windows\Sun
    2008-08-17 10:40:46 ----A---- C:\Windows\system32\javaws.exe
    2008-08-17 10:40:46 ----A---- C:\Windows\system32\javaw.exe
    2008-08-17 10:40:46 ----A---- C:\Windows\system32\java.exe
    2008-08-17 10:40:16 ----D---- C:\Program Files\Java
    2008-08-17 10:39:18 ----D---- C:\Program Files\Common Files\Java
    2008-08-16 12:39:27 ----D---- C:\ProgramData\PlayMovie
    2008-08-15 12:02:47 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-08-15 12:02:47 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-08-15 12:02:47 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-08-15 12:02:47 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-08-15 12:02:46 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-08-15 12:02:46 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-08-15 12:02:46 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-08-15 12:02:46 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-08-15 12:02:45 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-08-15 12:02:44 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-08-15 12:02:44 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-08-15 12:02:44 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-08-15 12:02:44 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-08-15 12:02:43 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-08-15 12:02:43 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-08-15 12:02:43 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-08-15 12:02:43 ----A---- C:\Windows\system32\d3dx10.dll
    2008-08-15 11:20:36 ----D---- C:\ProgramData\Ubisoft
    2008-08-15 11:09:03 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-08-15 11:09:03 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-08-15 11:09:03 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-08-15 11:09:03 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-08-15 11:09:03 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-08-15 11:09:02 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-08-15 11:09:02 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-08-15 11:08:57 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-08-15 11:08:57 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-08-15 11:08:57 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-08-15 11:08:56 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-08-15 11:08:56 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-08-15 11:08:56 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-08-15 11:08:56 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-08-15 10:43:57 ----D---- C:\Program Files\Ubisoft
    2008-08-15 09:27:27 ----A---- C:\Windows\system32\tzres.dll
    2008-08-15 09:19:53 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-08-15 09:19:53 ----A---- C:\Windows\system32\es.dll
    2008-08-15 09:19:48 ----A---- C:\Windows\system32\wininet.dll
    2008-08-15 09:19:48 ----A---- C:\Windows\system32\urlmon.dll
    2008-08-15 09:19:48 ----A---- C:\Windows\system32\mshtml.dll
    2008-08-15 09:19:48 ----A---- C:\Windows\system32\ieframe.dll
    2008-08-15 09:19:47 ----A---- C:\Windows\system32\mstime.dll
    2008-08-15 09:19:47 ----A---- C:\Windows\system32\jsproxy.dll
    2008-08-15 09:18:54 ----A---- C:\Windows\system32\inetcomm.dll
    2008-08-14 15:23:35 ----A---- C:\connect.bat
    2008-08-12 09:24:38 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-08-12 09:22:46 ----D---- C:\ProgramData\NOS
    2008-08-12 09:22:46 ----D---- C:\Program Files\NOS
    2008-08-08 13:23:47 ----D---- C:\united
    2008-08-08 12:10:52 ----D---- C:\Program Files\Common Files\Liant Shared
    2008-08-08 12:10:46 ----D---- C:\rmcobol
    2008-08-08 12:09:00 ----A---- C:\Windows\IsUninst.exe
    2008-08-08 11:35:12 ----D---- C:\ProgramData\LogMeIn
    2008-08-08 11:35:06 ----A---- C:\Windows\system32\LMIRfsClientNP.dll
    2008-08-08 11:35:06 ----A---- C:\Windows\system32\LMIport.dll
    2008-08-08 11:35:04 ----A---- C:\Windows\system32\LMIinit.dll
    2008-08-08 11:34:58 ----D---- C:\Program Files\LogMeIn
    2008-08-05 10:20:40 ----A---- C:\Windows\TSearch.INI
    2008-08-05 08:54:22 ----A---- C:\Windows\system32\CSPLLP9X.DLL
    2008-08-05 08:54:22 ----A---- C:\Windows\system32\CSPLLP.dll
    2008-08-05 08:54:18 ----A---- C:\Windows\system32\LFXPJL9X.dll
    2008-08-05 08:54:17 ----A---- C:\Windows\system32\LFXPM9x.dll
    2008-08-05 08:54:00 ----A---- C:\Windows\system32\imhost32.dll
    2008-08-05 08:54:00 ----A---- C:\Windows\system32\imgman32.dll
    2008-08-05 08:53:53 ----A---- C:\Windows\system32\LFXPM.dll
    2008-08-05 08:53:51 ----A---- C:\Windows\system32\LFXPCLPO.exe
    2008-08-05 08:53:49 ----A---- C:\Windows\system32\LFXPJL91.dll
    2008-08-05 08:53:29 ----D---- C:\Program Files\Companion Suite Pro LL
    2008-08-02 13:27:31 ----A---- C:\Windows\WoWEmuHackSettings.ini
    2008-07-31 20:35:39 ----D---- C:\Program Files\Ares
    2008-07-31 20:21:08 ----D---- C:\Program Files\World of Warcraft
    2008-07-31 20:21:08 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2008-07-31 19:20:23 ----A---- C:\Windows\system32\difxapi.dll
    2008-07-31 19:19:31 ----D---- C:\Users\Max\AppData\Roaming\WinRAR
    2008-07-31 16:51:36 ----D---- C:\Program Files\Microsoft Silverlight
    2008-07-31 11:50:07 ----D---- C:\Program Files\Avira
    2008-07-31 09:08:30 ----D---- C:\Users\Max\AppData\Roaming\Ahead
    2008-07-31 09:08:28 ----D---- C:\ProgramData\LightScribe
    2008-07-31 08:46:37 ----D---- C:\Program Files\MSXML 4.0
    2008-07-31 08:46:37 ----D---- C:\Config.Msi
    2008-07-31 08:45:55 ----D---- C:\Windows\Telch
    2008-07-31 08:45:35 ----D---- C:\Windows\XmlDiUsb
    2008-07-31 08:45:16 ----D---- C:\LFF
    2008-07-31 08:22:37 ----D---- C:\ProgramData\Ahead
    2008-07-31 08:21:26 ----D---- C:\ProgramData\Nero
    2008-07-31 08:21:26 ----D---- C:\Program Files\Nero
    2008-07-31 08:21:26 ----D---- C:\Program Files\Common Files\Ahead
    2008-07-31 08:18:44 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-07-31 08:18:43 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-07-30 18:32:08 ----D---- C:\Users\Max\AppData\Roaming\NSeries
    2008-07-30 18:21:01 ----DC---- C:\Windows\system32\DRVSTORE
    2008-07-30 18:17:28 ----D---- C:\Program Files\Convesoft
    2008-07-30 18:10:46 ----D---- C:\ProgramData\Nokia
    2008-07-30 18:08:29 ----D---- C:\Windows\Downloaded Installations
    2008-07-30 16:29:05 ----D---- C:\ProgramData\PC Suite
    2008-07-30 16:28:27 ----D---- C:\Users\Max\AppData\Roaming\Nokia
    2008-07-30 16:28:08 ----D---- C:\Program Files\Common Files\PCSuite
    2008-07-30 16:28:08 ----D---- C:\Program Files\Common Files\Nokia
    2008-07-30 16:27:58 ----D---- C:\Program Files\DIFX
    2008-07-30 16:27:23 ----D---- C:\Users\Max\AppData\Roaming\PC Suite
    2008-07-30 16:26:00 ----D---- C:\Program Files\Nokia
    2008-07-30 16:26:00 ----A---- C:\Windows\system32\nmwcdcls.dll
    2008-07-30 16:25:27 ----D---- C:\ProgramData\Installations
    2008-07-30 16:14:32 ----D---- C:\Program Files\MSN Messenger
    2008-07-30 16:03:28 ----D---- C:\Users\Max\AppData\Roaming\Talkback
    2008-07-30 16:03:17 ----D---- C:\Users\Max\AppData\Roaming\Mozilla
    2008-07-30 15:10:22 ----D---- C:\Program Files\Microsoft Money 2007
    2008-07-30 15:02:03 ----D---- C:\Program Files\Mozilla Firefox
    2008-07-30 15:01:12 ----D---- C:\Program Files\WinRAR
    2008-07-30 14:54:10 ----A---- C:\Windows\system32\msxml4r.dll
    2008-07-30 14:09:59 ----D---- C:\Users\Max\AppData\Roaming\Acer
    2008-07-30 14:07:39 ----D---- C:\Program Files\Microsoft Works
    2008-07-30 14:07:07 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-07-30 14:07:06 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-07-30 14:06:02 ----D---- C:\Windows\PCHEALTH
    2008-07-30 14:06:02 ----D---- C:\Program Files\Microsoft.NET
    2008-07-30 14:04:37 ----A---- C:\Windows\system32\msshooks.dll
    2008-07-30 14:04:36 ----A---- C:\Windows\system32\msscb.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\propsys.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\propdefs.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\msstrc.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\mssprxy.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\mssitlb.dll
    2008-07-30 14:04:33 ----A---- C:\Windows\system32\msshsq.dll
    2008-07-30 14:04:32 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-07-30 14:04:32 ----A---- C:\Windows\system32\srchadmin.dll
    2008-07-30 14:04:32 ----A---- C:\Windows\system32\rtffilt.dll
    2008-07-30 14:04:32 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\wsepno.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\offfilt.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\nlhtml.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\msscntrs.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\mimefilt.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-07-30 14:04:31 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\tquery.dll
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\mssvp.dll
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\mssrch.dll
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\mssphtb.dll
    2008-07-30 14:04:30 ----A---- C:\Windows\system32\mssph.dll
    2008-07-30 14:02:29 ----D---- C:\Program Files\Microsoft Office
    2008-07-30 14:02:06 ----RHD---- C:\MSOCache
    2008-07-30 13:59:33 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-07-30 13:59:33 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-07-30 13:59:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-07-30 13:59:32 ----A---- C:\Windows\system32\pacerprf.dll
    2008-07-30 13:59:26 ----A---- C:\Windows\system32\gameux.dll
    2008-07-30 13:59:21 ----A---- C:\Windows\system32\fsquirt.exe
    2008-07-30 13:59:18 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-07-30 13:59:16 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-07-30 13:59:03 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-07-30 13:58:30 ----A---- C:\Windows\system32\gdi32.dll
    2008-07-30 13:58:23 ----A---- C:\Windows\system32\shell32.dll
    2008-07-30 13:58:12 ----A---- C:\Windows\system32\kd1394.dll
    2008-07-30 13:58:10 ----A---- C:\Windows\system32\winload.exe
    2008-07-30 13:58:10 ----A---- C:\Windows\system32\ci.dll
    2008-07-30 13:58:09 ----A---- C:\Windows\system32\winresume.exe
    2008-07-30 13:57:56 ----A---- C:\Windows\system32\srdelayed.exe
    2008-07-30 13:57:56 ----A---- C:\Windows\system32\srcore.dll
    2008-07-30 13:57:56 ----A---- C:\Windows\system32\srclient.dll
    2008-07-30 13:57:56 ----A---- C:\Windows\system32\setbcdlocale.dll
    2008-07-30 13:57:56 ----A---- C:\Windows\system32\rstrui.exe
    2008-07-30 13:57:53 ----A---- C:\Windows\system32\kbd106n.dll
    2008-07-30 13:57:31 ----A---- C:\Windows\system32\wshext.dll
    2008-07-30 13:57:31 ----A---- C:\Windows\system32\wscript.exe
    2008-07-30 13:57:31 ----A---- C:\Windows\system32\vbscript.dll
    2008-07-30 13:57:31 ----A---- C:\Windows\system32\jscript.dll
    2008-07-30 13:57:31 ----A---- C:\Windows\system32\cscript.exe
    2008-07-30 13:57:30 ----A---- C:\Windows\system32\scrrun.dll
    2008-07-30 13:57:30 ----A---- C:\Windows\system32\scrobj.dll
    2008-07-30 13:57:05 ----A---- C:\Windows\system32\quartz.dll
    2008-07-30 13:56:59 ----A---- C:\Windows\system32\EncDec.dll
    2008-07-30 13:56:54 ----A---- C:\Windows\system32\psisdecd.dll
    2008-07-30 13:30:03 ----D---- C:\Users\Max\AppData\Roaming\Adobe
    2008-07-30 13:27:43 ----D---- C:\Users\Max\AppData\Roaming\eSobi
    2008-07-30 12:59:11 ----D---- C:\Users\Max\AppData\Roaming\CyberLink
    2008-07-30 12:57:49 ----D---- C:\Users\Max\AppData\Roaming\Macromedia
    2008-07-30 12:57:42 ----D---- C:\Users\Max\AppData\Roaming\Validity
    2008-07-30 12:57:14 ----D---- C:\Users\Max\AppData\Roaming\Identities
    2008-07-30 12:56:25 ----D---- C:\ACERSW
    2008-07-30 12:56:07 ----D---- C:\Users\Max\AppData\Roaming\Media Center Programs
    2008-07-30 12:56:07 ----D---- C:\Users\Max\AppData\Roaming\Acer GameZone Console
    2008-07-30 12:56:06 ----SD---- C:\Users\Max\AppData\Roaming\Microsoft

    ======List of files/folders modified in the last 3 months======

    2008-10-08 15:19:51 ----D---- C:\Windows\Temp
    2008-10-08 14:17:23 ----D---- C:\Windows\system32\drivers
    2008-10-08 14:17:23 ----D---- C:\Windows\System32
    2008-10-08 14:17:12 ----RD---- C:\Program Files
    2008-10-08 14:05:09 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-08 14:03:30 ----HD---- C:\ProgramData
    2008-10-08 14:03:12 ----SHD---- C:\System Volume Information
    2008-10-08 13:10:47 ----D---- C:\Windows\inf
    2008-10-08 13:10:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-08 12:59:27 ----D---- C:\Windows
    2008-10-07 15:22:00 ----D---- C:\Windows\Prefetch
    2008-10-05 13:43:53 ----D---- C:\Windows\system32\Tasks
    2008-10-01 08:00:18 ----D---- C:\Windows\system32\catroot2
    2008-09-19 13:39:36 ----SHD---- C:\Windows\Installer
    2008-09-19 13:39:35 ----D---- C:\Windows\system32\catroot
    2008-09-19 13:38:32 ----RSD---- C:\Windows\Fonts
    2008-09-18 08:38:15 ----D---- C:\Windows\rescache
    2008-09-18 08:22:19 ----D---- C:\Windows\system32\en-US
    2008-09-18 08:21:43 ----D---- C:\Windows\winsxs
    2008-09-15 08:35:06 ----D---- C:\Program Files\Adobe
    2008-09-15 08:34:46 ----D---- C:\Program Files\Common Files\Adobe
    2008-09-15 08:30:44 ----D---- C:\Program Files\Common Files
    2008-09-10 16:38:44 ----D---- C:\Windows\AppPatch
    2008-09-10 16:36:52 ----D---- C:\ProgramData\Microsoft Help
    2008-08-27 13:04:30 ----D---- C:\Windows\Logs
    2008-08-27 12:19:10 ----HD---- C:\Windows\system32\GroupPolicy
    2008-08-26 22:28:12 ----A---- C:\Windows\system32\mrt.exe
    2008-08-21 16:45:55 ----RSD---- C:\Windows\assembly
    2008-08-19 18:24:59 ----RD---- C:\Users
    2008-08-15 16:59:41 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-15 11:08:59 ----D---- C:\Windows\Microsoft.NET
    2008-08-15 09:31:11 ----D---- C:\Windows\system32\migration
    2008-08-15 09:31:11 ----D---- C:\Program Files\Windows Mail
    2008-08-14 18:55:55 ----D---- C:\ProgramData\CyberLink
    2008-08-14 12:28:07 ----SHD---- C:\$RECYCLE.BIN
    2008-08-12 09:24:30 ----D---- C:\ProgramData\Adobe
    2008-08-12 08:46:03 ----D---- C:\Windows\system32\LogFiles
    2008-08-08 13:41:51 ----D---- C:\Windows\system32\NDF
    2008-08-05 08:54:00 ----D---- C:\Windows\twain_32
    2008-08-03 12:42:16 ----D---- C:\Windows\LiveKernelReports
    2008-08-01 18:28:41 ----SD---- C:\ProgramData\Microsoft
    2008-08-01 16:35:27 ----D---- C:\Windows\system32\WDI
    2008-07-31 09:49:42 ----D---- C:\ProgramData\McAfee
    2008-07-31 09:47:40 ----D---- C:\Windows\Tasks
    2008-07-31 09:47:22 ----D---- C:\ProgramData\SiteAdvisor
    2008-07-31 08:22:05 ----D---- C:\Windows\ehome
    2008-07-31 08:15:22 ----D---- C:\TEMP
    2008-07-30 18:08:51 ----D---- C:\Windows\Globalization
    2008-07-30 15:20:17 ----D---- C:\Windows\Debug
    2008-07-30 14:16:36 ----D---- C:\Windows\PolicyDefinitions
    2008-07-30 14:16:31 ----D---- C:\Windows\system32\Boot
    2008-07-30 14:12:24 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-07-30 14:11:28 ----A---- C:\Windows\win.ini
    2008-07-30 14:06:57 ----D---- C:\Windows\ShellNew
    2008-07-30 14:03:17 ----D---- C:\Program Files\Common Files\System
    2008-07-30 14:00:38 ----D---- C:\Windows\SoftwareDistribution
    2008-07-30 13:32:38 ----D---- C:\Program Files\Yahoo!
    2008-07-30 13:28:23 ----D---- C:\ProgramData\eSobi
    2008-07-30 12:56:34 ----D---- C:\Program Files\Acer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
    R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
    R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
    R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
    R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-07-22 47616]
    R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
    R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2008-06-09 18504]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-03-07 7480384]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-06-10 33352]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
    R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
    R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-02-15 40752]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    S3 aagilu;aagilu; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\aagilu.sys []
    S3 aesssj;aesssj; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX08.182\aesssj.sys []
    S3 bgtalkw;bgtalkw; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX08.182\bgtalkw.sys []
    S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
    S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
    S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
    S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
    S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 eglhqsxrj;eglhqsxrj; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\eglhqsxrj.sys []
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
    S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
    S3 wdraidwq;wdraidwq; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX00.184\wdraidwq.sys []
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S3 XMLDIUSB;XML USB Device Interface; C:\Windows\System32\Drivers\XMLDIUSB.sys [2007-05-09 31879]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-26 21752]
    R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
    R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
    R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-08 24576]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-05-28 116032]
    R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
    R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-07 110592]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-26 131072]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-03-07 49152]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
    R2 RMUCService;Liant RMUC Service; C:\rmcobol\rmucs.exe [2007-03-20 41025]
    R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
    R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-02-15 595248]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
    S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-15 654848]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------
     
  2. 2008/10/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Arie,

    Not much jumping out at me. Verify this batch file is legit.

    O4 - Startup: connect - Shortcut.lnk = C:\connect.bat


    A few odd drivers run from a temp location, not loaded BTW, that appear to no longer be present.

    S3 aagilu;aagilu; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\aagilu.sys []
    S3 aesssj;aesssj; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX08.182\aesssj.sys []
    S3 bgtalkw;bgtalkw; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX08.182\bgtalkw.sys []
    S3 eglhqsxrj;eglhqsxrj; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\eglhqsxrj.sys []
    S3 wdraidwq;wdraidwq; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX00.184\wdraidwq.sys []

Looks like they came out of a self-extracting exe ... what bothers me is the randomly named sys files. Nuke those using the following commands from the Run line, one at a time.

    sc delete aagilu
    sc delete aesssj
    sc delete bgtalkw
    sc delete eglhqsxrj
    sc delete wdraidwq



    Run ATF Cleaner to clear all temp files and recycle bin.

    I see Panda ActiveScan was run, but recommend a Kaspersky online scan as well.

    Post a fresh RSIT log after rebooting a couple times.
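The checks noahdfear applies by eye above (a driver entry whose file sits under a temp directory, whose file is no longer on disk, or whose name is random-looking with no descriptive display name), as an added Python example that is not part of the original thread. It parses lines in the RSIT driver-list format shown in the log, and the same parser works for the services section since it uses the same layout; the sample lines are constructed from the shape of the log above, and the WinRAR `Rar$EX` folder check and the random-name heuristic are my own assumptions, not something the post states.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the RSIT "List of drivers" format (shape copied from the thread's log).
SAMPLE_DRIVER_LINES = r"""
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
S3 aagilu;aagilu; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\aagilu.sys []
S3 eglhqsxrj;eglhqsxrj; \??\C:\Users\Max\AppData\Local\Temp\Rar$EX01.279\eglhqsxrj.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
"""

# One RSIT driver/service line:  <R|S><0-4> <name>;<display name>; <path> [<date> <size>]
# The bracket is empty ("[]") when RSIT could not find the file on disk.
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)

# Path fragments from which a legitimate kernel driver is not expected to load.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class DriverEntry:
    state: str          # R = running, S = stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    file_present: bool
    flags: list = field(default_factory=list)


def parse_driver_line(line):
    """Return a DriverEntry for one RSIT driver/service line, or None if it is not one."""
    m = DRIVER_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):      # NT object-manager prefix used for non-system paths
        path = path[4:]
    return DriverEntry(m.group("state"), int(m.group("start")), m.group("name"),
                       m.group("display"), path, bool(m.group("info").strip()))


def assess(entry):
    """Attach the same observations the helper made by hand; returns the entry."""
    lower = entry.path.lower()
    if any(marker in lower for marker in TEMP_MARKERS):
        entry.flags.append("loads from a temp directory")
    if "\\rar$ex" in lower:             # assumption: WinRAR's extraction folder name pattern
        entry.flags.append("unpacked into a WinRAR temp folder")
    if not entry.file_present:
        entry.flags.append("file no longer on disk")
    # Weak heuristic on its own (a real driver such as ssmdrv also matches), so it is
    # recorded but never used by itself to decide anything.
    if entry.display == entry.name and re.fullmatch(r"[a-z]{5,}", entry.name):
        entry.flags.append("no descriptive name (random-looking)")
    return entry


def triage(log_text):
    """Entries worth removing: anything registered to load from a temp location."""
    suspicious = []
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        if entry is not None and "loads from a temp directory" in assess(entry).flags:
            suspicious.append(entry)
    return suspicious


def cleanup_commands(entries):
    """The removal step recommended in the thread: drop the orphaned service entry."""
    return [f"sc delete {e.name}" for e in entries]
```

A missing file alone (LMIRfsClientNP in the sample) is not treated as suspicious, matching the helper, who only singled out the entries pointing into the user's Temp folder.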
     


  4. 2008/10/09
    Admin.

    Admin. Administrator Administrator Staff Thread Starter

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    OK, have told him to run those commands & check connect.bat.

    I tried running Kaspersky online scan, but kept getting an error that said the license had expired. Panda only found some cookies & implicated an Acer driver...
     
  5. 2008/10/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
