Software completely removed, but it still creates multiple logs??

[paul.lima34]

Hi

I recently got a laptop with Netintelligence pre installed,
i didnt have the password so i had to use 'Autoruns' to remove it by force
I have successfully removed all known entries of that program (inc the Reg)

But after looking in my system with hidden files visible i noticed its still logging
my every movement on the net..

It keeps on creating a folder NetIntelligence Home\IncFiles and filling it will
10000's of DAT files, i can delete it no problem .. but as soon as i connect
to the net it created the same Folder path and creates 10000's of the same files

If i delete the folder, it simply re-creates it again

As i said Netintelligence is Completely removed from my computer!
(Changed protocols,uninstalled,removed Registry data,removed relevant system 32 dll's)
there is no trace of that program\software on my comp !
(unless its hiding somewhere else or called something else)

" C:\ProgramData\NetIntelligence Home\IncFiles "

can someone help ...

thanks in advance

 

[TrainableMan]

I never heard of the product before but I went to their website and I don't see a removal tool but they do have support contacts. I would contact them and explain your situation, that you bought a used computer and it had their software installed and you did some removal but something is still there. Ask if they have a removal tool.

Your other option is to completely reinstall Windows 7. Which means backing up all your data, writing down your product key and then reinstalling everything. W7EasyTransfer can help back up your data and restore it once reinstalled.

(You would be reinstalling the same edition and the same bit rate but a note for anyone who happens to find this, please be aware that W7easyTransfer cannot be used to migrate from a 64-bit system to a 32-bit system though it is supposed to work fine from 32 to 64 or 32 to 32 or 64 to 64)

 

[BladeRunner]

Why don't you try something like this?

http://uninstall-leftovers.smartcode.com/
http://www.fileguru.com/apps/leftover_uninstaller

 

[Nibiru2012]

Sir - actually I would do the latter suggestion from TM, that is a complete clean reinstall of Windows 7.

You really don't know for sure what all is residing on that system and it may come back to cause you problems or issues. I not being paranoid here as much as for me personally, I like to customize my OS and doing a clean install is really the best way to do it, at least for me that is.

You may also find that you'll spend more time, energy, stress and grief trying to get rid to that one problem versus the time spent doing a clean install.

If you have never done a clean or custom install of Windows 7 there are enough of us here that we will gladly help you out with whatever help you may need.

 

[paul.lima34]

Thanks for your Replies
(It isnt a used computer it was brand new)

also i use Advanced unintaller that has a left over scanner on it

looking in more depth ive noticed the actual folder that keeps on being created has a
'Creator Owner' , i have forcefully taken control of the folder but cannot inherit cetain stuff, nor can i remove the Creator

I denied the creator access to write in : C:\ProgramData\NetIntelligence Home\IncFiles
then it manged to Re create itself an goto C:\ProgramFiles\NetIntelligence Home\IncFiles

seems where ever i block it, it recreates

Not sure on a reinstall as i do not have a windows 7 disk ..
(or do i make one?)

thanks again

 

[TrainableMan]

If it's a brand new computer then that would be the anti-virus software w/ parental controls HERE. I still suggest you use the contact us tab and ask them for a removal tool; since they offer a 30-day free trial it's pretty likely that one is available.

 

[catilley1092]

paul.lima34, welcome to the forum! You stated that your computer is new, most brands has a way for you to create your own reinstall discs. Consult your owners manual for details, as all are different. But you'll need three to five non-rewritable DVD's to do this with, and about 60 to 90 minutes of your time. This needs to be done ASAP when the computer is new, before it begins to cause problems.

Also, there's a recovery partition on your computer, your manual will tell you which key to press & hold (usually F1 through F12) to begin the reinstall process. It's good to have, but having your own discs is a good idea too. Sometimes those keys don't always work as they should.

Very few computers comes with recovery media anymore, unless you pay extra for it (either at time of purchase or a later date). I purchased mine this past summer, the cost was around $16. I had my own, but wanted the factory ones "just in case".

If you do have issues with unwanted software (or any other need to do so), a reinstall usually takes care of the problem(s). And the reason that I mentioned either booting from the recovery partition or making your discs to boot from, is that your original drivers will be restored. If and when it gets older, you will need to update them, but usually that's no problem. Several of my drivers have been already been updated by HP Update.

I wish you the best, and hope that you get the issues that's causing you problems purged from your computer soon. The advice that I gave you should help (I hope).

Best of Luck,
Cat

 

[paul.lima34]

thanks for your lengthy reply ..

i will try an complete re-install but i have a feeling that software is embedded into the computer somehow and i fear if i create reinstall disks from this computer the problem would still be there..

can i not download windows 7 and burn to disks and use my key?
(TrainableMan i have contact them numerous times but they never reply. i think they are ignoring me because i used a 3rd party software to remove it)

 

[TrainableMan]

I would suggest you try the following before considering a complete reinstall since your computer is new not used. The computer likely came bundled with a free trial of the NetIntelligence Home Anti-virus, they do that sort of think all the time here in the USA.

OK, this is worth a try. First create a System Restore Point (type restore point into the search field of the start menu and folow the options under Create a Restore Point). Then download and install the 30-day trial of Revo Uninstaller Professional. Next download and install the 30-day free trial of NetIntelligence Home. That may repair the links so you can use the uninstall. Next open up Revo Uninstaller Pro and tell it to delete NetIntelligence Home, then choose the advanced deep scan option of Revo to find more pieces to delete.

can i not download windows 7 and burn to disks and use my key?

Yes you can but often times there is software the computer manufacturer installed that is not native to W7 and unless you can get it from the manufacturer you may miss it. 90% of the software the manufacturer installs in the USA is garbage: trialware for AVs and Office products etc but there are usually one or two pieces of software such as software for the built-in webcam of some laptops or for an onscreen display of the speaker volume or software to use special keys on the keyboard that you may very well wish you had.

 

[catilley1092]

Exactly. My computer came bundled with a lot of what is known a "crapware", but a few of the apps are good. There is HP's Media Center, which includes my webcam software, HP Support Assistant keeps my computer updated (not to be confused with Windows Update). I would not want to lose that. Power2Go is quite a useful app, and it's the one that burns my recovery discs, and handles recovery through the recovery partition, as well as it's excellent CD/DVD burner. There's also Microsoft Works, which is a good basic office app (budget sheets, etc), and HP's bundle of games.

But the trash that you don't want, can be removed with PC Decrapifier or Revo Uninstaller (Pro for 64 bit).

Unless you know your computer's inventory of drivers (and know the order in which to install them), it would be best to stay away from a "clean install", using a DVD of your version & bit # of Win 7. If you do decide this route, make sure to have all system drivers on CD or a flash drive. It's a lot of work in doing a clean install, if you've done one, then you know firsthand.

But, if you know how to do these things, then you'll be fine, you can setup your computer the way you want it. Many users build their own, to have it this way, as well as knowing what components are in their computer. The OEM's (Dell,HP,etc) is for themselves, and not us.

Cat

 

[paul.lima34]

TrainableMan

i tried your idea , reinstalled .. turned all the logging off etc
but it didnt work,

i do have a recovery partition with Windows7 installer on it, the thing is
the same Netintelligence software is on that also

I found out my computer is contacting Netintelligences control center and they are logging
every movement and saving it on my hard drive, yet there are no running processes showing for this .. it is truley embedded an not sure how to go about formatting and reinstalling windows 7 from another source

 

[TrainableMan]

Is your computer under warranty from the manufacturer? Contact them and ask how to remove it. Or ask them to send the OS without that crap on it.

Try kindness first but if that fails... tell them you are very disappointed with their computer. And maybe say that if you cannot get resolution you want to return the computer as faulty. And mention you will also tell all your friends never to buy this junk from them.

 

[Nibiru2012]

Try the following I found on another website - http://www.removespywareguides.com/how-to-remove-netintelligence.html

Netintelligence Home Edition is a parental control program that is used to record all websites visited by the user.This step-by-step guide here can help you completely remove Netintelligence Home Edition.

Automated Get Rid of Netintelligence Home Edition using Malwarebytes’Anti-Malware:

Step 1: Reboot your computer, keep pressing F8 key and select “Safe Mode with Networking” with your arrow key. Press Enter key and your computer will boot in Safe Mode.
Step 2: Download Malwarebytes’Anti-Malware (Download Link), (Malwarebytes’Anti-Malware information)install it and update its database to the latest. After that, reboot your computer to make Malwarebytes’Anti-Malware fully functional, repeat Step 1 into Safe Mode and run a full scan of your computer.

NOTE: If you have problem installing Malwarebytes’Anti-Malware Software, you can rename the installer to winlogon.exe or iexplore.exe. Then double click the program and follow the install steps.

ps:before rename Malwarebytes as other name,make file extention show first.

Step 3: After the full scan finishes, click “Show Results” to make sure that your important data are not infected and removed. Ignore or select the scan result and click “Remove Selected” to remove the virus. Malwarebytes’Anti-Malware will pop up a log notepad and list all operations of this scan. You can save it if you like. Reboot your computer and let Malwarebytes’Anti-Malware delete all detected virus.
Step 4: Download and install Regtweaker – registry cleaner to repair your corrupted registry.


Why should you need Regtweaker?
As we know, virus and Trojans make the computer malfunction by destroying and modifying the registry so that the computer will not run normally. After the virus and Trojans are removed, the registry is still destroyed or modified, so the computer still has problems. That’s why you need to repair the registry. Also, some virus and Trojans leave some DLL files in the registry and this will cause strange DLL errors and affect the computer performance.


Installing or uninstalling software still can leave your Windows registry fragmented,with obsolete,corrupted and harmful files.Check your registry with RegTweaker tody.Download RegTweaker Now

To make your computer run as fast as before or much faster than before,
1. Download and install Regtweaker.
2. Run a full scan of your computer.
3. Click “Repair Now” and repair all errors detected.
----------------------------------------------------------------------------------------------------------------------------------------------------------------

Perhaps this will work for you without having to do a reinstall.

The following is from NetIntelligence's website:
How do I uninstall Netintelligence (Home Access)

From Netintelligence Knowledge Base

Jump to: navigation, search
In order to uninstall Netintelligence you will have to create an account for the online control panel. If you have not created an account please see creating a login for more information on this. Alternatively, you can contact your Home Access support team who will be able to provide you with your uninstall password – contact details for Home Access providers can be found here.
Note: Netintelligence is not able to issue uninstall passwords to end users. These must be issued by the Home Access provider.


Netintelligence can be uninstalled using “Remove a Program” from your Windows Control Panel.
Go to Start -> Control Panel -> Remove a program (Add or Remove Programs in Windows XP) -> Select Netintelligence from the list and double click it using the left mouse button.
When uninstalling Netintelligence, you will be prompted for your uninstall password. Your uninstall password can be obtained by double clicking on the Netintelligence Icon on your desktop and logging in to your online control panel. The password is then located under the support section as shown below.

The above is how to uninstall Netintelligence from a Home Access machine.

 

[TrainableMan]

He already tried a brute force delete when it asked for a password the normal way so his uninstall options at that point wouldn't work. He has reinstalled at my suggestion and then apparently ran revo to uninstall it, though he said unsuccessfully, so it's hard to say what state it's in now.

 

[Nibiru2012]

From what I've read on the web, this NetIntelligence Home is a rather pernicious piece of software and not too many people are enamored with it.

 

[paul.lima34]

Soz for the lengthy report on what exactly is happening on my comp..


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060235DC-6D84-47BD-95D7-A4EF5099A59D}]
txthlpBHO Class - C:\PROGRA~1\TEXTHE~1\READAN~1\TE4470~1.DLL [2005-12-14 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyng.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyng.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [2009-07-20 484920]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-09-24 825864]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-09-30 703008]
"PLD_FrameworkRun"=c:\windows\system32\oem\_NowIntoDT.vbs [2009-10-11 490]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PLD_FrameworkRunOnce"=c:\Windows\System32\oem\_waitAndLaunch_PLD_Framework_NoWait.vbs [2009-09-01 522]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2010-10-27 1861944]
"Google Update"=C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\Paul\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2009-09-02 167424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2009-09-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIHomeAM]
C:\Program Files\Netintelligence Home\LiteClientAM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2009-09-02 144384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trigger New Acer AlaunchX]
c:\OEM\Preload\Command\AlaunchX\AppInRun.exe [2009-09-21 211488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe [2009-04-29 614696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{68FE2E0D-581C-7EFB-B4DC-409B7B489B5E}]
C:\Users\Paul\AppData\Roaming\Vibyus\ruar.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 217088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-01 03:39:01 ----D---- C:\Program Files\trend micro
2010-12-01 03:38:58 ----D---- C:\rsit
2010-12-01 03:17:40 ----D---- C:\ProgramData\NetIntelligence Home
2010-12-01 03:09:32 ----D---- C:\Windows\Log files
2010-12-01 01:04:52 ----D---- C:\Program Files\vuze
2010-12-01 01:01:28 ----D---- C:\Program Files\innovative solutions
2010-12-01 01:01:23 ----D---- C:\ProgramData\innovative solutions
2010-12-01 00:56:58 ----HD---- C:\Windows\PIF
2010-11-29 22:34:31 ----D---- C:\Users\Paul\AppData\Roaming\Mozilla
2010-11-29 21:44:03 ----D---- C:\Users\Paul\AppData\Roaming\CheeseSoft
2010-11-29 21:44:02 ----D---- C:\FU_Backup
2010-11-29 21:43:36 ----D---- C:\Program Files\FinalUninstaller
2010-11-28 23:34:34 ----D---- C:\Temp
2010-11-26 23:14:58 ----D---- C:\FarmHelper
2010-11-24 19:41:50 ----A---- C:\Windows\system32\ieui.dll
2010-11-24 19:41:49 ----A---- C:\Windows\system32\ieframe.dll
2010-11-24 19:41:46 ----A---- C:\Windows\system32\mshtml.dll
2010-11-22 05:23:52 ----A---- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
2010-11-22 05:23:33 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-11-22 01:07:22 ----D---- C:\Program Files\Veetle
2010-11-22 01:04:42 ----D---- C:\Users\Paul\AppData\Roaming\Texthelp Systems
2010-11-21 22:25:18 ----D---- C:\Users\Paul\AppData\Roaming\My Battle for Middle-earth Files
2010-11-21 22:18:27 ----D---- C:\Program Files\EA GAMES
2010-11-21 01:45:33 ----D---- C:\Program Files\GSC 2.00
2010-11-20 12:44:16 ----D---- C:\Program Files\Zynga
2010-11-20 00:33:32 ----D---- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2010-11-20 00:33:32 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-11-17 11:42:31 ----D---- C:\Users\Paul\AppData\Roaming\ImgBurn
2010-11-17 03:20:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-11-17 03:20:57 ----A---- C:\Windows\system32\msfeeds.dll
2010-11-17 03:20:57 ----A---- C:\Windows\system32\licmgr10.dll
2010-11-17 03:20:57 ----A---- C:\Windows\system32\jsproxy.dll
2010-11-17 03:20:56 ----A---- C:\Windows\system32\jscript.dll
2010-11-17 03:20:56 ----A---- C:\Windows\system32\inseng.dll
2010-11-17 03:20:55 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-11-17 03:20:55 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-11-17 03:20:55 ----A---- C:\Windows\system32\pngfilt.dll
2010-11-17 03:20:55 ----A---- C:\Windows\system32\jscript9.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\vbscript.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\urlmon.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\url.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\mshtmler.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\mshtmled.dll
2010-11-17 03:20:54 ----A---- C:\Windows\system32\mshta.exe
2010-11-17 03:20:54 ----A---- C:\Windows\system32\msfeedssync.exe
2010-11-17 03:20:54 ----A---- C:\Windows\system32\admparse.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\occache.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\msrating.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\msls31.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\ieakui.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\ieaksie.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\ieakeng.dll
2010-11-17 03:20:53 ----A---- C:\Windows\system32\IEAdvpack.dll
2010-11-17 03:20:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-11-17 03:20:52 ----A---- C:\Windows\system32\ieapfltr.dll
2010-11-17 03:20:51 ----A---- C:\Windows\system32\dxtrans.dll
2010-11-17 03:20:51 ----A---- C:\Windows\system32\dxtmsft.dll
2010-11-17 03:20:50 ----A---- C:\Windows\system32\imgutil.dll
2010-11-17 03:20:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-11-17 03:20:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-11-17 03:20:50 ----A---- C:\Windows\system32\iesetup.dll
2010-11-17 03:20:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-11-17 03:20:50 ----A---- C:\Windows\system32\icardie.dll
2010-11-17 03:20:49 ----A---- C:\Windows\system32\iexpress.exe
2010-11-17 03:20:48 ----A---- C:\Windows\system32\wininet.dll
2010-11-17 03:20:48 ----A---- C:\Windows\system32\iertutil.dll
2010-11-17 03:20:48 ----A---- C:\Windows\system32\iernonce.dll
2010-11-17 03:20:48 ----A---- C:\Windows\system32\iepeers.dll
2010-11-17 03:20:47 ----A---- C:\Windows\system32\wextract.exe
2010-11-17 03:20:47 ----A---- C:\Windows\system32\webcheck.dll
2010-11-17 03:20:14 ----A---- C:\Windows\system32\d3d10warp.dll
2010-11-17 03:20:14 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-11-17 03:20:13 ----A---- C:\Windows\system32\FntCache.dll
2010-11-17 03:20:13 ----A---- C:\Windows\system32\DWrite.dll
2010-11-17 03:20:12 ----A---- C:\Windows\system32\d2d1.dll
2010-11-17 03:19:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-11-17 03:19:45 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-11-17 03:19:02 ----A---- C:\Windows\system32\ExplorerFrame.dll
2010-11-14 04:25:12 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-11-14 04:25:12 ----A---- C:\Windows\fonts\GlobalSerif.CompositeFont
2010-11-14 04:25:12 ----A---- C:\Windows\fonts\GlobalSansSerif.CompositeFont
2010-11-14 04:25:12 ----A---- C:\Windows\fonts\GlobalMonospace.CompositeFont
2010-11-11 10:09:42 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-11-11 10:03:52 ----D---- C:\Program Files\Electronic Arts
2010-11-11 05:38:24 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-11-09 03:41:39 ----D---- C:\Windows\en
2010-11-09 03:39:58 ----D---- C:\Program Files\Windows Live
2010-11-09 03:39:21 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-09 03:39:21 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-09 03:39:21 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-09 03:37:26 ----A---- C:\Windows\system32\UIRibbon.dll
2010-11-09 03:37:25 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-11-09 03:36:51 ----A---- C:\Windows\system32\mfreadwrite.dll
2010-11-09 03:36:51 ----A---- C:\Windows\system32\mf.dll
2010-11-09 03:36:49 ----A---- C:\Windows\system32\WMVDECOD.DLL
2010-11-07 05:30:32 ----D---- C:\Windows\Sun
2010-11-07 04:10:04 ----D---- C:\Users\Paul\AppData\Roaming\Onmy
2010-11-06 05:01:36 ----A---- C:\Windows\WININIT.INI
2010-11-06 03:20:01 ----A---- C:\Windows\system32\libusbd-nt.exe
2010-11-06 03:20:01 ----A---- C:\Windows\system32\libusbd-9x.exe
2010-11-06 03:20:00 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2010-11-06 03:16:14 ----A---- C:\Windows\system32\drivers\xPADFL02.sys
2010-11-06 03:16:13 ----D---- C:\Program Files\SixaxisDriver
2010-11-06 01:29:35 ----A---- C:\Windows\system32\libusb0.dll
2010-11-06 01:29:35 ----A---- C:\Windows\system32\drivers\libusb0.sys
2010-11-05 06:12:52 ----A---- C:\Windows\system32\xinput1_3.dll
2010-11-05 02:37:07 ----D---- C:\Users\Paul\AppData\Roaming\Malwarebytes
2010-11-05 02:36:38 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-05 02:36:36 ----D---- C:\ProgramData\Malwarebytes
2010-11-05 02:36:35 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-05 00:49:16 ----A---- C:\Windows\wb.ini
2010-11-05 00:49:16 ----A---- C:\Windows\system32\wbsys.dll
2010-11-05 00:49:08 ----D---- C:\Program Files\Stardock
2010-11-04 22:10:11 ----D---- C:\Windows\system32\x64
2010-11-04 22:09:25 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
2010-11-04 03:23:05 ----D---- C:\Windows\system32\Wat
2010-11-04 03:00:51 ----A---- C:\Windows\system32\browserchoice.exe
2010-11-04 03:00:29 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2010-11-04 03:00:29 ----A---- C:\Windows\system32\drivers\ks.sys
2010-11-03 21:15:04 ----D---- C:\Users\Paul\AppData\Roaming\GSC 2.00
2010-11-03 19:33:12 ----A---- C:\Windows\system32\ole32.dll
2010-11-03 19:33:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-11-03 19:33:10 ----A---- C:\Windows\system32\drivers\fvevol.sys
2010-11-03 19:33:09 ----A---- C:\Windows\system32\spoolsv.exe
2010-11-03 19:32:40 ----A---- C:\Windows\system32\ir32_32.dll
2010-11-03 19:32:40 ----A---- C:\Windows\system32\iccvid.dll
2010-11-03 19:32:39 ----A---- C:\Windows\system32\winlogon.exe
2010-11-03 19:32:39 ----A---- C:\Windows\explorer.exe
2010-11-03 19:32:37 ----A---- C:\Windows\system32\tzres.dll
2010-11-03 19:32:26 ----A---- C:\Windows\system32\t2embed.dll
2010-11-03 19:32:17 ----A---- C:\Windows\system32\CPFilters.dll
2010-11-03 19:32:14 ----A---- C:\Windows\system32\msdri.dll
2010-11-03 19:32:11 ----A---- C:\Windows\system32\psisdecd.dll
2010-11-03 19:32:03 ----A---- C:\Windows\system32\schannel.dll
2010-11-03 19:31:56 ----A---- C:\Windows\system32\lsasrv.dll
2010-11-03 19:31:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2010-11-03 19:31:52 ----A---- C:\Windows\system32\rtutils.dll
2010-11-03 19:31:51 ----A---- C:\Windows\system32\inetcomm.dll
2010-11-03 19:31:50 ----A---- C:\Windows\system32\msxml3.dll
2010-11-03 19:31:48 ----A---- C:\Windows\system32\ntdll.dll
2010-11-03 19:31:47 ----A---- C:\Windows\system32\asycfilt.dll
2010-11-03 19:31:46 ----A---- C:\Windows\system32\comctl32.dll
2010-11-03 19:31:45 ----A---- C:\Windows\system32\mfc40u.dll
2010-11-03 19:31:45 ----A---- C:\Windows\system32\mfc40.dll
2010-11-03 19:31:35 ----A---- C:\Windows\system32\wmp.dll
2010-11-03 19:31:32 ----A---- C:\Windows\system32\wmploc.DLL
2010-11-03 19:31:29 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-11-03 19:31:24 ----A---- C:\Windows\system32\kernel32.dll
2010-11-03 19:31:23 ----A---- C:\Windows\system32\apphelp.dll
2010-11-03 19:31:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-11-03 19:31:21 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-11-03 19:31:20 ----A---- C:\Windows\system32\quartz.dll
2010-11-03 19:31:20 ----A---- C:\Windows\system32\msyuv.dll
2010-11-03 19:31:20 ----A---- C:\Windows\system32\msvidc32.dll
2010-11-03 19:31:20 ----A---- C:\Windows\system32\mciavi32.dll
2010-11-03 19:31:20 ----A---- C:\Windows\system32\iyuv_32.dll
2010-11-03 19:31:20 ----A---- C:\Windows\system32\avifil32.dll
2010-11-03 19:31:19 ----A---- C:\Windows\system32\tsbyuv.dll
2010-11-03 19:31:19 ----A---- C:\Windows\system32\msrle32.dll
2010-11-03 19:31:18 ----A---- C:\Windows\system32\shell32.dll
2010-11-03 19:31:17 ----A---- C:\Windows\system32\win32k.sys
2010-11-03 19:31:10 ----A---- C:\Windows\system32\srvsvc.dll
2010-11-03 19:31:10 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-11-03 19:31:10 ----A---- C:\Windows\system32\drivers\srv.sys
2010-11-03 19:31:09 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-11-03 19:31:07 ----A---- C:\Windows\system32\wmpmde.dll
2010-11-03 19:31:07 ----A---- C:\Windows\system32\secproc_isv.dll
2010-11-03 19:31:06 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-11-03 19:31:06 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-11-03 19:31:06 ----A---- C:\Windows\system32\secproc.dll
2010-11-03 19:31:06 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-11-03 19:31:06 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-11-03 19:31:06 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-11-03 19:31:06 ----A---- C:\Windows\system32\RMActivate.exe
2010-11-03 19:31:05 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-11-03 19:31:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-11-03 19:31:05 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-11-03 19:31:05 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-11-03 19:31:01 ----A---- C:\Windows\system32\fontsub.dll
2010-11-03 19:31:01 ----A---- C:\Windows\system32\atmlib.dll
2010-11-03 19:31:01 ----A---- C:\Windows\system32\atmfd.dll
2010-11-03 03:11:22 ----D---- C:\Users\Paul\AppData\Roaming\vlc
2010-11-03 01:21:55 ----AD---- C:\ProgramData\TEMP
2010-11-03 01:21:28 ----D---- C:\Users\Paul\AppData\Roaming\AnvSoft
2010-11-02 23:25:03 ----D---- C:\Program Files\directx
2010-11-02 22:01:32 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-11-02 22:01:32 ----A---- C:\Windows\system32\PresentationHost.exe
2010-11-02 22:01:32 ----A---- C:\Windows\system32\netfxperf.dll
2010-11-02 22:01:31 ----A---- C:\Windows\system32\mscoree.dll
2010-11-02 22:01:31 ----A---- C:\Windows\system32\dfshim.dll
2010-11-02 22:00:55 ----D---- C:\1c718ddec9101b2dc26688e45f
2010-11-02 09:36:37 ----D---- C:\Windows\NAPP_Dism_Log
2010-11-02 07:53:52 ----D---- C:\Users\Paul\AppData\Roaming\uniblue
2010-11-02 07:51:47 ----D---- C:\Program Files\Uniblue
2010-11-02 07:51:38 ----HDC---- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2010-11-02 07:39:43 ----D---- C:\Windows\fonts\AdvUninstal
2010-11-02 07:39:27 ----D---- C:\Program Files\Common Files\Innovative Solutions
2010-11-02 06:49:00 ----D---- C:\Windows\pss
2010-11-02 04:12:22 ----D---- C:\Users\Paul\AppData\Roaming\Xfire
2010-11-02 04:12:21 ----D---- C:\ProgramData\Xfire
2010-11-02 04:10:50 ----D---- C:\Users\Paul\AppData\Roaming\WinRAR
2010-11-02 04:09:07 ----D---- C:\Program Files\WinRAR
2010-11-02 03:57:20 ----D---- C:\ProgramData\Sun
2010-11-02 03:57:16 ----D---- C:\Program Files\Common Files\Java
2010-11-02 03:56:51 ----A---- C:\Windows\system32\javaws.exe
2010-11-02 03:56:51 ----A---- C:\Windows\system32\javaw.exe
2010-11-02 03:56:51 ----A---- C:\Windows\system32\java.exe
2010-11-02 03:56:51 ----A---- C:\Windows\system32\deployJava1.dll
2010-11-02 03:56:31 ----D---- C:\Program Files\Java
2010-11-02 03:37:43 ----D---- C:\Users\Paul\AppData\Roaming\Azureus
2010-11-02 03:35:50 ----D---- C:\Program Files\Conduit
2010-11-02 03:35:46 ----D---- C:\Program Files\ConduitEngine
2010-11-02 03:35:42 ----D---- C:\Program Files\Vuze_Remote
2010-11-02 03:25:19 ----D---- C:\Program Files\CCleaner
2010-11-02 02:48:10 ----D---- C:\Users\Paul\AppData\Roaming\MAGIX
2010-11-02 02:47:28 ----D---- C:\ProgramData\Xara
2010-11-02 02:29:02 ----D---- C:\Users\Paul\AppData\Roaming\Macromedia
2010-11-02 02:28:58 ----D---- C:\Users\Paul\AppData\Roaming\Adobe
2010-11-02 02:14:39 ----D---- C:\Windows\system32\appmgmt
2010-11-02 02:03:19 ----D---- C:\Users\Paul\AppData\Roaming\InstallShield
2010-11-02 02:01:36 ----D---- C:\ProgramData\Corel
2010-11-02 02:01:20 ----D---- C:\Program Files\Common Files\InterVideo
2010-11-02 02:01:19 ----D---- C:\Program Files\Common Files\Protexis
2010-11-02 01:58:28 ----D---- C:\Program Files\InterVideo
2010-11-02 01:54:21 ----A---- C:\Windows\system32\wintrust.dll
2010-11-02 01:54:20 ----A---- C:\Windows\system32\cabview.dll
2010-11-02 01:52:29 ----SD---- C:\Users\Paul\AppData\Roaming\Microsoft
2010-11-02 01:52:29 ----D---- C:\Users\Paul\AppData\Roaming\Media Center Programs
2010-11-02 01:52:03 ----SHD---- C:\Recovery
2010-11-02 01:48:30 ----D---- C:\Program Files\COREL
2010-11-02 01:46:19 ----A---- C:\Windows\system32\TVWizudlg.exe
2010-11-02 01:46:19 ----A---- C:\Windows\system32\igfxtvcx.dll
2010-11-02 01:43:25 ----A---- C:\Windows\system32\PLD_Framework.cmd
2010-11-02 01:42:35 ----D---- C:\Windows\SoftwareDistribution
2010-11-02 01:41:17 ----D---- C:\Windows\system32\Lang
2010-11-02 01:41:16 ----A---- C:\Windows\system32\igxpun.exe
2010-11-02 01:39:47 ----D---- C:\Windows\CSC

======List of files/folders modified in the last 1 months======

2010-12-01 03:39:59 ----D---- C:\Windows\Temp
2010-12-01 03:39:01 ----RD---- C:\Program Files
2010-12-01 03:17:40 ----HD---- C:\ProgramData
2010-12-01 03:09:46 ----AD---- C:\Windows
2010-12-01 01:27:36 ----D---- C:\Program Files\Common Files
2010-12-01 01:20:05 ----SHD---- C:\System Volume Information
2010-12-01 01:19:38 ----D---- C:\Windows\System32
2010-12-01 01:09:31 ----D---- C:\Windows\system32\config
2010-12-01 00:59:54 ----D---- C:\Windows\inf
2010-12-01 00:59:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-01 00:56:43 ----D---- C:\Windows\system32\OEM
2010-12-01 00:55:17 ----D---- C:\Windows\Tasks
2010-12-01 00:55:17 ----D---- C:\Windows\system32\wfp
2010-12-01 00:55:16 ----D---- C:\Windows\system32\wbem
2010-12-01 00:54:37 ----D---- C:\Windows\system32\DriverStore
2010-12-01 00:54:37 ----D---- C:\Windows\system32\catroot2
2010-12-01 00:54:34 ----D---- C:\Windows\registration
2010-12-01 00:54:20 ----SD---- C:\ProgramData\Microsoft
2010-12-01 00:54:19 ----D---- C:\ProgramData\Acer
2010-12-01 00:52:33 ----D---- C:\Windows\Prefetch
2010-11-29 22:03:23 ----SHD---- C:\Windows\Installer
2010-11-29 22:03:23 ----D---- C:\Windows\Panther
2010-11-29 22:03:23 ----D---- C:\Windows\Logs
2010-11-29 02:08:47 ----D---- C:\Windows\Downloaded Program Files
2010-11-28 23:44:12 ----D---- C:\Windows\system32\Tasks
2010-11-28 23:44:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-11-24 19:42:00 ----D---- C:\Windows\winsxs
2010-11-24 19:41:58 ----D---- C:\Windows\system32\catroot
2010-11-24 03:54:35 ----D---- C:\Windows\system32\drivers
2010-11-24 00:55:51 ----SHD---- C:\Config.Msi
2010-11-22 05:23:25 ----D---- C:\Windows\system32\LogFiles
2010-11-18 02:01:21 ----D---- C:\ProgramData\Adobe
2010-11-17 07:33:41 ----D---- C:\Windows\rescache
2010-11-17 03:38:13 ----D---- C:\Windows\system32\migration
2010-11-17 03:38:13 ----D---- C:\Windows\PolicyDefinitions
2010-11-17 03:38:13 ----D---- C:\Program Files\Internet Explorer
2010-11-17 03:38:12 ----D---- C:\Windows\system32\en-US
2010-11-16 01:27:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-14 06:51:11 ----D---- C:\Windows\Microsoft.NET
2010-11-14 04:43:44 ----RD---- C:\Users
2010-11-14 04:38:54 ----SHD---- C:\$Recycle.Bin
2010-11-14 04:25:12 ----RSD---- C:\Windows\Fonts
2010-11-14 04:14:41 ----RSD---- C:\Windows\assembly
2010-11-14 02:50:04 ----HD---- C:\Windows\system32\GroupPolicy
2010-11-10 10:42:58 ----D---- C:\Windows\debug
2010-11-10 07:32:06 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 03:41:01 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-11-09 03:39:32 ----D---- C:\Program Files\Common Files\microsoft shared
2010-11-09 03:37:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-09 03:26:26 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-04 03:23:07 ----D---- C:\Windows\ehome
2010-11-04 03:23:06 ----D---- C:\Windows\AppPatch
2010-11-04 03:23:06 ----D---- C:\Program Files\Windows Media Player
2010-11-04 03:23:06 ----D---- C:\Program Files\Windows Mail
2010-11-02 22:02:08 ----D---- C:\Program Files\Microsoft.NET
2010-11-02 09:03:30 ----D---- C:\Activation
2010-11-02 07:42:54 ----D---- C:\Program Files\Acer
2010-11-02 02:52:40 ----D---- C:\OEM
2010-11-02 02:30:56 ----D---- C:\Program Files\Microsoft Security Essentials
2010-11-02 02:08:39 ----D---- C:\Windows\Help
2010-11-02 02:07:19 ----D---- C:\ProgramData\Microsoft Help
2010-11-02 01:56:05 ----D---- C:\Windows\system32\restore
2010-11-02 01:52:03 ----D---- C:\Windows\system32\Recovery
2010-11-02 01:48:36 ----D---- C:\Windows\system32\sysprep
2010-11-02 01:48:02 ----AD---- C:\Windows\DeployWinRE2
2010-11-02 01:46:17 ----D---- C:\Program Files\Intel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-11 697328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SASDIFSV;SASDIFSV; \??\D:\Program files\Superantispyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\D:\Program files\Superantispyware\SASKUTIL.SYS [2010-05-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-08-11 488448]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-02 5946368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-06-24 167424]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 XPADFL02;XPAD Filter Service 02; C:\Windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-21 66152]
S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 ServiceMonitor;Service Monitor; C:\Windows\system32\srvmon.exe [2009-08-25 712704]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIHomeAM]
C:\Program Files\Netintelligence Home\LiteClientAM.exe []

(was from the reinstall and is totally deleted now)

2010-12-01 03:17:40 ----D---- C:\ProgramData\NetIntelligence Home
keeps on recreating it self .. but as you can see, there is nothing on my machine that activates it currently got CCleaner linked up to C:\ProgramData\NetIntelligence Home
so its not that much of a prob, but it would of created about 50 files from just visiting this site

 

[TrainableMan]

Did you try Nibs link above to a possible removal method with MalwareBytes - note that it must be done from safe mode w/ Networking?

 

[paul.lima34]

I will try that but it looks like an advertisement for Regtweaker, i cant see how Netintelligence would show up as a virus?

 

[TrainableMan]

Actually many anti-virus programs show up to other AV software as a virus; this is true, for the most part, because they get in between the normal file handling process, the normal boot process, and normal script handling just like a virus would, in order to defeat them.

 

[paul.lima34]

01/12/2010 20:39:01
mbam-log-2010-12-01 (20-38-50).txt

Scan type: Full scan (C:\|P:\|)
Objects scanned: 244912
Time elapsed: 24 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Squeaky clean + that registry cleaner found no errors