
[Inactive] Keylogger trying to get my wow

Discussion in 'Malware and Virus Removal Archive' started by mikedude, 2008/10/30.

  1. 2008/10/30
    mikedude (Inactive, Thread Starter)

    Hi guys, I am not very good with computers. I am a thinker though, and I think a keylogger has got me. Please help me with the removal. I would be eternally thankful.


    Here is my log,

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Bestbuy at 2008-10-30 14:55:01
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 341 GB (73%) free of 468 GB
    Total RAM: 3070 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:55:14 PM, on 10/30/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Bestbuy\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Bestbuy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [yiaoegm] "c:\users\bestbuy\appdata\local\yiaoegm.exe" yiaoegm
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: www.download.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7687 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\HPCeeScheduleForBestbuy.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-30 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-30 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-30 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    " "= []
    "MSConfig "=C:\Windows\system32\msconfig.exe [2008-01-18 227840]
    "IntelliPoint "=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
    "NvCplDaemon "=C:\Windows\system32\NvCpl.dll [2008-05-02 13535776]
    "NvMediaCenter "=C:\Windows\system32\NvMcTray.dll [2008-05-02 92704]
    "RtHDVCpl "=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-30 1234712]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "=C:\Windows\SMINST\launcher.exe [2007-04-03 44168]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
    "yiaoegm "=c:\users\bestbuy\appdata\local\yiaoegm.exe [2008-10-28 338432]
    "AdobeUpdater "=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
    FactoryMode []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    C:\Windows\ehome\ehTray.exe [2008-01-18 125952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-06-01 1783400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-06-14 178968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\Windows\system32\NvCpl.dll [2008-05-02 13535776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\Windows\system32\NvMcTray.dll [2008-05-02 92704]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    C:\Windows\system32\nvsvc.dll [2008-05-02 526880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
    C:\Windows\system32\jureg.exe [2007-04-07 54936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    C:\Windows\system32\oobefldr.dll [2008-01-18 2153472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
    C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
    LogonDll.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2008-10-30 14:55:01 ----D---- C:\rsit
    2008-10-30 13:14:18 ----D---- C:\Program Files\KeyScrambler
    2008-10-30 13:00:04 ----HD---- C:\$AVG8.VAULT$
    2008-10-30 12:42:04 ----A---- C:\Windows\system32\avgrsstx.dll
    2008-10-30 12:41:48 ----D---- C:\Program Files\AVG
    2008-10-30 12:41:47 ----D---- C:\ProgramData\avg8
    2008-10-30 12:22:21 ----D---- C:\Program Files\Enigma Software Group
    2008-10-28 22:30:43 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-28 22:30:43 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-28 22:30:42 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-28 18:09:13 ----D---- C:\Program Files\Alwil Software
    2008-10-28 17:41:18 ----A---- C:\Windows\ntbtlog.txt
    2008-10-28 12:56:54 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
    2008-10-28 12:14:30 ----D---- C:\Program Files\Trend Micro
    2008-10-23 18:17:47 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-15 22:57:52 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-15 22:57:51 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-15 22:57:49 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-15 22:57:48 ----A---- C:\Windows\system32\wininet.dll
    2008-10-15 22:57:48 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-15 22:57:48 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-15 22:57:47 ----A---- C:\Windows\system32\mstime.dll
    2008-10-15 22:57:47 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-15 22:57:46 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-14 15:56:52 ----D---- C:\ProgramData\Blizzard
    2008-10-05 14:44:27 ----D---- C:\Program Files\SopCast
    2008-09-21 12:15:02 ----D---- C:\ProgramData\TVU Networks
    2008-09-20 17:25:38 ----D---- C:\Users\Bestbuy\AppData\Roaming\muvee Technologies
    2008-09-20 16:49:37 ----D---- C:\Users\Bestbuy\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
    2008-09-20 16:49:28 ----D---- C:\Program Files\DIRECTV
    2008-09-14 15:37:07 ----D---- C:\Users\Bestbuy\AppData\Roaming\TVU Networks
    2008-09-10 03:50:23 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-10 03:50:22 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-10 03:50:19 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-09-10 03:50:18 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-09-10 03:50:18 ----A---- C:\Windows\system32\dataclen.dll
    2008-09-10 03:50:17 ----A---- C:\Windows\system32\cdd.dll
    2008-08-27 04:45:40 ----A---- C:\Windows\system32\wups2.dll
    2008-08-27 04:45:39 ----A---- C:\Windows\system32\wucltux.dll
    2008-08-27 04:45:39 ----A---- C:\Windows\system32\wuaueng.dll
    2008-08-27 04:45:39 ----A---- C:\Windows\system32\wuauclt.exe
    2008-08-27 04:45:25 ----A---- C:\Windows\system32\wups.dll
    2008-08-27 04:45:25 ----A---- C:\Windows\system32\wudriver.dll
    2008-08-27 04:45:25 ----A---- C:\Windows\system32\wuapi.dll
    2008-08-27 04:45:19 ----A---- C:\Windows\system32\wuwebv.dll
    2008-08-27 04:45:19 ----A---- C:\Windows\system32\wuapp.exe
    2008-08-14 03:03:29 ----A---- C:\Windows\system32\tzres.dll
    2008-08-14 00:00:47 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-08-14 00:00:45 ----A---- C:\Windows\system32\es.dll
    2008-08-14 00:00:35 ----A---- C:\Windows\system32\inetcomm.dll

    ======List of files/folders modified in the last 3 months======

    2008-10-30 14:55:14 ----D---- C:\Windows\Temp
    2008-10-30 14:55:14 ----D---- C:\Windows\Prefetch
    2008-10-30 14:01:41 ----D---- C:\Windows\System32
    2008-10-30 14:01:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-10-30 14:01:40 ----D---- C:\Windows\inf
    2008-10-30 13:55:04 ----D---- C:\Windows\SMINST
    2008-10-30 13:49:55 ----D---- C:\Windows\system32\drivers
    2008-10-30 13:48:19 ----RD---- C:\Program Files
    2008-10-30 12:41:53 ----SHD---- C:\System Volume Information
    2008-10-30 12:41:47 ----HD---- C:\ProgramData
    2008-10-30 12:41:41 ----SHD---- C:\Windows\Installer
    2008-10-30 12:40:33 ----SD---- C:\Users\Bestbuy\AppData\Roaming\Microsoft
    2008-10-30 12:40:33 ----D---- C:\Windows
    2008-10-30 12:22:23 ----D---- C:\Windows\system32\Tasks
    2008-10-29 03:00:27 ----D---- C:\Windows\winsxs
    2008-10-28 22:30:40 ----D---- C:\Windows\system32\catroot
    2008-10-28 17:48:31 ----D---- C:\Windows\system32\catroot2
    2008-10-28 16:46:52 ----D---- C:\Fraps
    2008-10-28 13:28:15 ----D---- C:\Windows\system32\WDI
    2008-10-28 13:14:43 ----D---- C:\ProgramData\Symantec
    2008-10-28 13:14:43 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-28 13:13:24 ----D---- C:\Program Files\Norton Internet Security
    2008-10-28 13:11:34 ----D---- C:\Windows\Tasks
    2008-10-28 12:57:54 ----D---- C:\Program Files\Symantec
    2008-10-22 18:04:53 ----D---- C:\Users\Bestbuy\AppData\Roaming\uTorrent
    2008-10-16 16:17:58 ----SD---- C:\Windows\Downloaded Program Files
    2008-10-16 03:10:16 ----D---- C:\Program Files\Windows Mail
    2008-10-16 03:10:14 ----D---- C:\Windows\system32\migration
    2008-10-14 16:14:40 ----D---- C:\Program Files\World of Warcraft
    2008-10-07 14:19:40 ----A---- C:\Windows\system32\mrt.exe
    2008-09-20 17:19:38 ----D---- C:\Program Files\Common Files
    2008-09-20 16:49:36 ----D---- C:\ProgramData\Adobe
    2008-09-20 16:48:38 ----D---- C:\Users\Bestbuy\AppData\Roaming\Adobe
    2008-09-11 03:09:13 ----D---- C:\Windows\AppPatch
    2008-09-10 00:56:27 ----D---- C:\Windows\rescache
    2008-09-10 00:39:42 ----D---- C:\Windows\system32\en-US

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-10-30 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-10-30 26824]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-18 385072]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080215.002\IDSvix86.sys [2008-02-13 261680]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-10-30 69128]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-18 109616]
    R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
    R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-11 1793880]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-02 7460320]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
    R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-06-25 123952]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968]
    R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
    S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080217.003\NAVENG.SYS [2008-01-21 82256]
    S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080217.003\NAVEX15.SYS [2008-01-21 895312]
    S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-23 47360]
    S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-30 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-30 231704]
    R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-06-14 355096]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-02 118784]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
    S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
    S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
    S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
    S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
    S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
    S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
    S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]

    And now for the info,

    info.txt logfile of random's system information tool 1.04 2008-10-30 14:55:16

    ======Uninstall list======

    --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe "
    --> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe "
    --> "C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe "
    --> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe "
    --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe "
    --> "C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe "
    --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
    --> "C:\Program Files\HP Games\FATE\Uninstall.exe "
    --> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe "
    --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
    --> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe "
    --> "C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe "
    --> "C:\Program Files\HP Games\Luxor 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe "
    --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe "
    --> "C:\Program Files\HP Games\Peggle\Uninstall.exe "
    --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
    --> "C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe "
    --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
    --> "C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe "
    --> "C:\Program Files\HP Games\Super Granny 3\Uninstall.exe "
    --> "C:\Program Files\HP Games\Swarm\Uninstall.exe "
    --> "C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe "
    --> "C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe "
    --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
    --> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe "
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    ConvertXtoDVD 2.2.3.258--> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe "
    DIRECTV SUPERCAST-->msiexec /qb /x {A2567F24-B720-9D52-0632-FEBED01F3D2C}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Favorit-->c:\users\bestbuy\appdata\local\gfiasrk.bat
    Geek Squad 24 Hour Computer Support-->MsiExec.exe /I{83475EE2-08BD-4134-B4F9-F3FA46EDC508}
    Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
    HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
    HP Total Care Advisor-->MsiExec.exe /X{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
    Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly
    My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
    Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
    Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
    SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
    Supercast-->MsiExec.exe /I{A2567F24-B720-9D52-0632-FEBED01F3D2C}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Zoom Cable Modem-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB360AE2-CF24-420B-8E31-7597E9499DD2}\Setup.exe" -l0x9

    ======Security center information======

    AV: AVG Anti-Virus Free (outdated)
    AV: Norton Internet Security (outdated)
    FW: Norton Internet Security
    AS: AVG Anti-Virus Free (disabled) (outdated)
    AS: Windows Defender (disabled)
    AS: Norton Internet Security (disabled) (outdated)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "PLATFORM"=HPD
    "PCBRAND"=Pavilion
    "OnlineServices"=Online Services

    -----------------EOF-----------------

    This is a sample of the junk I found in the system32 folder. I could put it all in here; I copied a bit of it. I feel I found the keylogger but I can't get rid of it. The way I came to discovering this was I clicked on an odd exe file in my task manager and checked the file location. It took me to this, then I cut and pasted it into Google and it led me to you guys.

    [Only the readable strings from the pasted file are kept below, in the order they appeared; the surrounding non-printable bytes, the long run of blank lines and a duplicated chunk of the dump are omitted.]

    Windows Live Messenger MSBLWindowClass
    deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly

    CloseHandle GetCurrentProcess Sleep CreateThread GetModuleFileNameA GetModuleHandleA FreeLibrary WideCharToMultiByte GetProcAddress LoadLibraryW lstrlenA GetCurrentThreadId DisableThreadLibraryCalls GetLocalTime InitializeCriticalSection DeleteCriticalSection LeaveCriticalSection InterlockedIncrement EnterCriticalSection InterlockedDecrement lstrlenW GetShortPathNameW GetModuleHandleW GetModuleFileNameW MultiByteToWideChar SizeofResource LoadResource FindResourceW GetLastError LoadLibraryExW lstrcmpiW lstrcpynW HeapDestroy lstrcpyW lstrcatW DeleteFileA WinExec GetBinaryTypeA GetTickCount GetTempPathA KERNEL32.dll
    CallNextHookEx SetWindowsHookExW UnhookWindowsHookEx CharLowerA PostMessageW SendMessageW GetClassNameA FindWindowExW FindWindowExA FindWindowA SetForegroundWindow PostThreadMessageW GetMessageW CharNextW USER32.dll
    AdjustTokenPrivileges LookupPrivilegeValueW OpenProcessToken RegCloseKey RegSetValueExA RegCreateKeyA RegQueryValueExW RegOpenKeyExA RegDeleteKeyW RegCreateKeyExW RegDeleteValueW RegOpenKeyExW RegEnumKeyExW RegSetValueExW RegQueryInfoKeyW RegEnumValueW ADVAPI32.dll
    ShellExecuteA SHELL32.dll
    CoInitialize CoTaskMemFree CoTaskMemAlloc CoTaskMemRealloc CoCreateInstance ole32.dll
    OLEAUT32.dll
    GetRoleTextA GetStateTextA WindowFromAccessibleObject AccessibleObjectFromWindow OLEACC.dll
    memset strlen sprintf strcpy memcpy strstr fgets fopen _splitpath strcmp wprintf getchar swprintf strcat _purecall ??3@YAXPAX@Z ??2@YAPAXI@Z free malloc realloc memcmp atoi strchr strncmp fclose fwrite rename _access wcslen wcscmp MSVCRT.dll
    _initterm _adjust_fdiv WS2_32.dll
    Netbios NETAPI32.dll
    InternetCloseHandle InternetReadFile InternetOpenUrlA InternetOpenA WININET.dll
    _stricmp calloc
    MSHELP.DLL DllCanUnloadNow DllGetClassObject DllRegisterServer DllUnregisterServer GetVer Install
    TYPELIB CLSID Delete NoRemove ForceRemove Val B D S

    SeDebugPrivilege accountname %s\***\config.*** %s%s login FFXiMain.dll polcoreEU.dll polcore.dll Edit Button YTopWindow YahooBuddyMain Error loading advapi32.dll
    (null) %ws %s WindowsLive:name=* CredFree CredEnumerateW advapi32.dll No window unavailable Remember my password ÒÑѡÔñ checked ¼Ã‡Ã—¡ÃŽÃ’µÃ„ÃÜÂë(R) ¸´Ã‘¡¿Ã² MSBLWindowClass SystemHelp RUNDLL32.EXE %s,Install Rundll32.exe ,Install
    REGISTRY Module HKEY_CURRENT_CONFIG HKEY_DYN_DATA HKEY_PERFORMANCE_DATA HKEY_USERS HKEY_LOCAL_MACHINE HKEY_CURRENT_USER HKEY_CLASSES_ROOT HKCC HKDD HKPD HKU HKLM HKCU HKCR UnRegisterTypeLib oleaut32.dll .tlb
    https:// http:// wb MSIE/1.0 .tmp %s %s\e%dUP.exe VerChk=%d:END %s/%c%c%c.asp a+ %s/m%s.m %s/p%s.p
    POST /%s HTTP/1.1
    Host: %s
    Content-Type: application/x-www-form-urlencoded
    Content-Length: %d

    %s %s/web.asp %02X%02X%02X%02X%02X%02X *&h=0&url={%s|} [PM: [accountName: email secretQuestionAnswer ] : [ accountName <noname> text password INPUT 1.1.5
    incompatible version buffer error insufficient memory data error stream error file error stream end need dictionary
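The dump above is what a strings tool pulls out of an executable, and the part worth reading is the list of imported API names. The Python script below is an added example, not code from anyone in this thread or from WindowsBBS: it extracts printable ASCII and UTF-16LE runs from raw bytes and groups the Win32 names it recognises into behaviours (window hooks, stored-credential access, HTTP upload, drop-and-run). The API names are real Win32 exports that also appear in the dump; the grouping into behaviours and the SAMPLE bytes are constructed assumptions for the example, not a real file. It also handles one quirk visible in the dump ("ISleep", "KLoadLibraryW"): each PE import entry starts with a 2-byte hint, and a printable hint byte renders glued to the name.

```python
"""Printable-string extraction and import triage over a byte blob.

Added example for the thread; the behaviour groups and SAMPLE bytes are
our own assumptions, not taken from the posted file.
"""
import re

MIN_LEN = 5  # shortest run that counts as a string, as in strings(1)

# Win32 imports grouped by the behaviour they usually serve (grouping is an
# assumption for this example; every name is a real export).
SUSPICIOUS_APIS = {
    "keyboard/window hook":     {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "stored-credential access": {"CredEnumerateW", "CredFree"},
    "token/privilege changes":  {"AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken"},
    "HTTP upload/download":     {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile"},
    "registry persistence":     {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW"},
    "drop-and-run":             {"GetTempPathA", "WinExec", "ShellExecuteA"},
}
_ALL_APIS = set().union(*SUSPICIOUS_APIS.values())

_ASCII = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)            # narrow runs
_WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)     # UTF-16LE runs
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")                 # C-style identifiers


def extract_strings(data: bytes) -> list:
    """Printable ASCII and UTF-16LE runs of at least MIN_LEN characters."""
    ascii_runs = [m.group().decode("ascii") for m in _ASCII.finditer(data)]
    wide_runs = [m.group().decode("utf-16-le") for m in _WIDE.finditer(data)]
    return ascii_runs + wide_runs


def _api_name(token: str):
    """Map a token to a known API name, tolerating one stray leading character.

    A PE import-by-name entry is a 2-byte hint followed by the name; when the
    hint's second byte is printable it shows up glued to the name.
    """
    if token in _ALL_APIS:
        return token
    if token[1:] in _ALL_APIS:
        return token[1:]
    return None


def triage(data: bytes) -> dict:
    """Return {behaviour: sorted API names found} for the imports recognised."""
    seen = set()
    for run in extract_strings(data):
        for token in _IDENT.findall(run):
            name = _api_name(token)
            if name:
                seen.add(name)
    return {b: sorted(apis & seen) for b, apis in SUSPICIOUS_APIS.items() if apis & seen}


# Constructed sample (not a real file): bytes laid out like the parts of a PE
# the thread's dump shows, with import names behind hint bytes, a UTF-16
# privilege name and an HTTP format string, padded with non-printable junk.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00\x01CloseHandle\x00"           # hint 0x0100, benign import
    + b"\x00KSetWindowsHookExW\x00"        # printable hint byte 'K' glued on
    + b"\x02\x03CallNextHookEx\x00"
    + b"\x00\x07CredEnumerateW\x00"
    + b"\x01\x02InternetOpenUrlA\x00"
    + b"\x00\x04WinExec\x00"
    + b"\x00\x05GetTempPathA\x00"
    + b"\x00"                               # separator so the wide run does not glue onto 'A'
    + "SeDebugPrivilege".encode("utf-16-le") + b"\x00\x00"
    + b"\x00\x00POST /%s HTTP/1.1\r\nHost: %s\r\n\x00"
    + bytes(range(0, 32)) * 2
)


def sample_report() -> dict:
    """Triage result for the constructed SAMPLE."""
    return triage(SAMPLE)


if __name__ == "__main__":
    for behaviour, apis in sample_report().items():
        print(f"{behaviour:26} {', '.join(apis)}")
    print("wide strings:", [s for s in extract_strings(SAMPLE) if s == "SeDebugPrivilege"])
```

To use it on a real file, call triage(open(path, "rb").read()). A non-empty report is a reason to submit the file to a scanner such as the one the next reply suggests, not a verdict on its own: legitimate software (accessibility tools, input-method helpers, game overlays) imports hook and credential APIs too, so the combination and the accompanying strings (game-client DLL names, "Remember my password", HTTP POST format strings) matter more than any single import.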
     
  2. 2008/11/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mikedude
    Welcome to WindowsBBS

    I'm not seeing any Keylogger, what makes you believe this?

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page: one at a time
      • c:\users\bestbuy\appdata\local\yiaoegm.exe
        c:\users\bestbuy\appdata\local\gfiasrk.bat
    • Click on the submit button
    • Please post the results in your next reply.

    I need to know the name of the exe file you clicked on.

    Thanks
    Geri
     
    Geri,
    #2
