Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HIJACKTHIS LOGFILE REPORT

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 4th, 2009, 2:21 am

Hi I already had a topic but I didn't respond in time. SORRY but ok I did everthing you guys told me to do and here's my new log file...... My promblem is that someone or somthing is sending E-mails to people I don't know from my E-mail address. Can that be resolved? Thanks so much!!!!
:P



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:32 AM, on 1/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Norton Account Alert] "C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe" /ForkThenQuit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7867 bytes
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am
Advertisement
Register to Remove

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 11th, 2009, 5:56 am

Hi lala82 and sorry for delay.

If you still need help, please post next a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 14th, 2009, 11:09 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:54 PM, on 1/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Norton Account Alert] "C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe" /ForkThenQuit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_35.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photogra.com/uploadtool-Xv3/ ... oader3.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_33.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_15.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_32.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_48.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9076 bytes
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 15th, 2009, 3:48 am

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2

  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other unning programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 18th, 2009, 6:10 pm

I did what your telling me to do but I dont find the settings. Am I doing something wrong?
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 19th, 2009, 4:15 am

Then you can ignore that part and move on, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 21st, 2009, 11:41 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-21 22:21:19
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 88121380 ZwAlertResumeThread
SSDT 88121008 ZwAlertThread
SSDT 8811E8A8 ZwAllocateVirtualMemory
SSDT 8804F690 ZwAlpcConnectPort
SSDT 881210D0 ZwCreateMutant
SSDT 8811E0B0 ZwCreateThread
SSDT 8812D848 ZwDebugActiveProcess
SSDT 8811E708 ZwFreeVirtualMemory
SSDT 881211C0 ZwImpersonateAnonymousToken
SSDT 881212A0 ZwImpersonateThread
SSDT 88122F28 ZwMapViewOfSection
SSDT 8812D9E8 ZwOpenEvent
SSDT 8812CB20 ZwOpenProcessToken
SSDT 84FDB840 ZwOpenSection
SSDT 88122C68 ZwOpenThreadToken
SSDT 8814FBC8 ZwResumeThread
SSDT 88122418 ZwSetContextThread
SSDT 88122D58 ZwSetInformationProcess
SSDT 88122328 ZwSetInformationThread
SSDT 8812D928 ZwSuspendProcess
SSDT 88122168 ZwSuspendThread
SSDT 880927E0 ZwTerminateProcess
SSDT 88122248 ZwTerminateThread
SSDT 88122E48 ZwUnmapViewOfSection
SSDT 8811E7D8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81D09914 8 Bytes [ 80, 13, 12, 88, 08, 10, 12, ... ]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81D09928 4 Bytes CALL 6527213E
.text ntkrnlpa.exe!KeSetTimerEx + 370 81D09934 4 Bytes [ 90, F6, 04, 88 ]
.text ntkrnlpa.exe!KeSetTimerEx + 428 81D099EC 4 Bytes [ D0, 10, 12, 88 ]
.text ntkrnlpa.exe!KeSetTimerEx + 454 81D09A18 4 Bytes [ B0, E0, 11, 88 ]
.text ...
.text srv.sys A8CD356E 1 Byte [ 33 ]
.text srv.sys A8CD3F9C 1 Byte [ 41 ]
.text srv.sys A8CD3FB5 1 Byte [ 20 ]
.text srv.sys A8CD4607 2 Bytes [ D6, B8 ]
.text srv.sys A8CD460F 2 Bytes [ C6, 7A ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!DialogBoxIndirectParamW 7609BD25 5 Bytes JMP 6F555BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!DialogBoxParamW 760B1FD5 5 Bytes JMP 6F555B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!DialogBoxParamA 760D80B2 5 Bytes JMP 6F555BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!DialogBoxIndirectParamA 760D83DD 5 Bytes JMP 6F555C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!MessageBoxIndirectA 760ED471 5 Bytes JMP 6F555B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!MessageBoxIndirectW 760ED56B 5 Bytes JMP 6F555AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!MessageBoxExA 760ED5D1 5 Bytes JMP 6F555ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] USER32.dll!MessageBoxExW 760ED5F5 5 Bytes JMP 6F555A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCloneSpecialIDList + 2BD 768F6044 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCloneSpecialIDList + 2C5 768F604C 4 Bytes [ A7, 0A, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCloneSpecialIDList + 1695 768F741C 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCloneSpecialIDList + 169D 768F7424 4 Bytes [ A7, 0A, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHRestricted + DFD 76928390 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHRestricted + E05 76928398 8 Bytes JMP E932A46F
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHRestricted + FB1 76928544 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHRestricted + FB9 7692854C 4 Bytes [ A7, 0A, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!ILFree + 5F3 76929AFC 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!ILFree + 5FB 76929B04 4 Bytes [ A7, 0A, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHBindToObject + 693 7692A9B8 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHBindToObject + 69B 7692A9C0 4 Bytes [ A7, 0A, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCoCreateInstance + 1B7 7692BD08 4 Bytes [ 99, 0B, EA, 6F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[6044] SHELL32.dll!SHCoCreateInstance + 1BF 7692BD10 4 Bytes [ A7, 0A, EA, 6F ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6FE8D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6FE8D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6FE8B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6FE8D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6FE8BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6FE8F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6FE8C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6FE8F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6FE8D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6FE8B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6FE8DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6FE8C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6FE8F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6FE90D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6FE8FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6FE902A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6FE8D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6FE8BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FE8B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6FE8D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FE8A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FE9DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6FE9E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FE9CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6FE9D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FE9CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FE9C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6FE9CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6FE8D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6FE8E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FE8B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FE8A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6FE8A819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6FE8C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6FE8D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6FE88D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6FE8BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6FE902A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6FE8FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6FE8F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6FE88AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6FE88C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6FE8BBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6FE8FF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6FE8FB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6FE90D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6FE8EFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6FE889D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6FE8D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6FE8CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6FE8CE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6FE9CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6FE9C49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6FE9CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FE9D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6FE9CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6FE9C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6FE9CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6FE9E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6FE9D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6FE9CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FE9DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6FE9D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6FE9E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6FE9DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6FE9DFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6FE9E2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6FE9DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6FE9D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6FE8A460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6FE8FC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6FE8E151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6FE8A6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6FE8AE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6FE8B114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6FE8C023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6FE8B6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6FE89700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6FE8D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6FE8DE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6FE902A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6FE90D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6FE89362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6FE889D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6FE8F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6FE8A1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6FE8A970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6FE8EAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6FE8E4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6FE8C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6FE88D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6FE88AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6FE8DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6FE894A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6FE8D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6FE8BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6FE88FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6FE8D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6FE89231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6FE8F49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6FE8C58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6FE8CF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6FE8CA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FE9CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FE9C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6FE9DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6FE9E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FE9CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FE9DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FE9D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6FE9E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6FE9D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6FE9D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6FE9D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6FE9C8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6FE9C35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6FE9D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6FE9CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6FE9CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6FE991AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6FE90D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6FE902A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6FE8D537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6FE8F233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6FE8C301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6FE894A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6FE88FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6FE8BD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6FE8D221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6FE88AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6FE8D09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6FE9D13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6FE9D28F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6FE9E169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6FE9E479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6FE9DD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6FE9CD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6FE9DB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6FE9D913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6FE9D437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6FE9DE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6FE9CD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6FE9D773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6FE9CB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6FE9CEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6FE9C625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6FE9D5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6FE9CA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6FE95CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6FE95C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6FE94D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6FE950AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6FE9519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6FE940A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6FE95357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6FE9619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6FE953B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6FE961FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6044] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6FE93FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 22nd, 2009, 5:23 am

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 24th, 2009, 3:19 am

This is all I got in one window..... Titled LOG :bounce:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Raul at 2009-01-24 02:17:06
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 374 GB (80%) free of 467 GB
Total RAM: 3062 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:13 AM, on 1/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Raul\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Raul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Norton Account Alert] "C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe" /ForkThenQuit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_35.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photogra.com/uploadtool-Xv3/ ... oader3.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_33.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_15.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_32.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_48.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9088 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Raul.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
""= []
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-06-09 33280]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Norton Account Alert"=C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe [2008-05-06 361840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe"="C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-22 22:20:33 ----D---- C:\dfff4921403a18b8550b4df4b367e022
2009-01-18 16:35:31 ----A---- C:\Windows\gmer.ini
2009-01-18 16:35:30 ----A---- C:\Windows\gmer_uninstall.cmd
2009-01-18 16:35:30 ----A---- C:\Windows\gmer.dll
2009-01-14 13:24:51 ----D---- C:\ProgramData\AppData
2009-01-11 10:05:23 ----D---- C:\Windows\Minidump
2009-01-04 01:02:06 ----AD---- C:\ProgramData\TEMP
2009-01-04 01:02:02 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2009-01-04 01:02:00 ----D---- C:\Program Files\SpywareBlaster
2009-01-03 23:03:07 ----D---- C:\ProgramData\Lavasoft
2009-01-03 23:03:07 ----D---- C:\Program Files\Lavasoft
2009-01-03 23:02:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-03 22:02:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-03 22:02:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 19:02:14 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-03 12:06:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-02 23:02:01 ----A---- C:\Windows\smartkeydiagnostics.txt
2009-01-02 23:01:20 ----D---- C:\Users\Raul\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-02 22:49:32 ----D---- C:\Program Files\Panda Security
2009-01-02 22:49:13 ----D---- C:\Windows\BDOSCAN8
2009-01-02 22:44:10 ----D---- C:\Program Files\Common Files\Adobe
2009-01-02 22:44:10 ----D---- C:\Program Files\Adobe
2009-01-02 22:18:34 ----D---- C:\ProgramData\NOS
2009-01-02 22:18:33 ----D---- C:\Program Files\NOS
2009-01-02 22:17:31 ----A---- C:\Windows\system32\javaws.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\javaw.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\java.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\deploytk.dll
2009-01-02 22:17:16 ----D---- C:\Program Files\Java
2008-12-29 14:17:44 ----D---- C:\Users\Raul\AppData\Roaming\Google
2008-12-29 14:15:18 ----D---- C:\Program Files\Google
2008-12-29 12:56:35 ----D---- C:\Users\Raul\AppData\Roaming\ZoomBrowser EX
2008-12-27 20:12:40 ----D---- C:\ProgramData\ZoomBrowser
2008-12-27 20:12:24 ----D---- C:\Program Files\Canon
2008-12-27 20:11:33 ----D---- C:\Program Files\Common Files\Canon
2008-12-27 19:41:26 ----D---- C:\rsit
2008-12-26 15:08:26 ----D---- C:\Users\Raul\AppData\Roaming\Malwarebytes
2008-12-26 15:08:12 ----D---- C:\ProgramData\Malwarebytes
2008-12-26 15:08:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-23 13:05:32 ----D---- C:\Users\Raul\AppData\Roaming\Walgreens
2008-12-21 01:15:11 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 01:22:57 ----D---- C:\Users\Raul\AppData\Roaming\Move Networks
2008-12-13 07:33:21 ----D---- C:\Program Files\Trend Micro
2008-12-11 12:39:05 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 20:44:57 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 20:44:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 20:44:13 ----A---- C:\Windows\explorer.exe
2008-12-10 20:42:31 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 20:38:32 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 20:38:01 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 20:38:01 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 20:37:59 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 20:37:23 ----A---- C:\Windows\system32\mf.dll
2008-12-10 20:37:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 20:37:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 20:37:21 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 16:16:46 ----A---- C:\FtpCmd.txt
2008-11-27 17:05:21 ----D---- C:\Users\Raul\AppData\Roaming\QQ Games Plugin
2008-11-27 17:03:05 ----D---- C:\Users\Raul\AppData\Roaming\Tencent
2008-11-27 17:03:05 ----D---- C:\Users\Raul\AppData\Roaming\QQ Games
2008-11-27 17:02:46 ----D---- C:\Program Files\Tencent
2008-11-27 17:02:18 ----D---- C:\Users\Raul\AppData\Roaming\acccore
2008-11-27 17:01:49 ----D---- C:\Program Files\AIMTunes
2008-11-27 17:01:24 ----D---- C:\ProgramData\AOL Downloads
2008-11-27 17:01:22 ----A---- C:\Windows\atid.ini
2008-11-27 17:01:04 ----D---- C:\ProgramData\Viewpoint
2008-11-27 17:01:03 ----D---- C:\ProgramData\acccore
2008-11-27 17:01:03 ----D---- C:\Program Files\Viewpoint
2008-11-27 17:00:54 ----D---- C:\ProgramData\AOL OCP
2008-11-27 17:00:54 ----D---- C:\ProgramData\AOL
2008-11-27 17:00:40 ----D---- C:\Program Files\Common Files\AOL
2008-11-27 17:00:03 ----D---- C:\Program Files\AIM6
2008-11-27 16:34:08 ----D---- C:\Users\Raul\AppData\Roaming\Mozilla
2008-11-27 16:33:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 04:26:28 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 04:26:26 ----A---- C:\Windows\system32\connect.dll
2008-11-25 19:45:48 ----D---- C:\Program Files\DivX
2008-11-24 20:28:39 ----D---- C:\ProgramData\PopCap Games
2008-11-20 15:37:10 ----D---- C:\Users\Raul\AppData\Roaming\7Wonders
2008-11-18 23:24:37 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-18 16:58:03 ----D---- C:\Users\Raul\AppData\Roaming\Template
2008-11-16 18:59:44 ----D---- C:\Program Files\Karaoke5
2008-11-16 18:56:49 ----D---- C:\Users\Raul\AppData\Roaming\LimeWire
2008-11-16 18:21:15 ----D---- C:\Users\Raul\AppData\Roaming\GanymedeNet
2008-11-16 18:18:57 ----D---- C:\Program Files\Ganymede
2008-11-16 01:42:58 ----D---- C:\Temp
2008-11-16 01:41:39 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-11-16 01:40:47 ----A---- C:\Windows\DIFxAPI.dll
2008-11-16 01:40:44 ----D---- C:\Program Files\Realtek
2008-11-16 01:40:44 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-11-16 01:40:44 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-11-16 01:40:44 ----A---- C:\Windows\RtlUpd.exe
2008-11-16 01:40:44 ----A---- C:\Windows\RtHDVCpl.exe
2008-11-16 01:40:44 ----A---- C:\Windows\HideWin.exe
2008-11-16 01:40:43 ----A---- C:\Windows\RtlExUpd.dll
2008-11-16 01:32:52 ----D---- C:\Users\Raul\AppData\Roaming\InstallShield
2008-11-16 01:32:47 ----D---- C:\Users\Raul\AppData\Roaming\WinBatch
2008-11-16 01:25:36 ----D---- C:\Windows\system32\x64
2008-11-16 01:22:37 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-16 01:22:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-16 01:22:27 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-16 01:22:06 ----A---- C:\Windows\system32\EncDec.dll
2008-11-16 01:22:05 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-13 23:35:03 ----D---- C:\ProgramData\MumboJumbo
2008-11-13 21:35:24 ----D---- C:\Program Files\LimeWire
2008-11-13 21:34:29 ----D---- C:\Windows\PCHEALTH
2008-11-13 21:34:29 ----D---- C:\Program Files\MSN Messenger
2008-11-13 21:31:07 ----D---- C:\ProgramData\Yahoo!
2008-11-13 21:27:19 ----D---- C:\Users\Raul\AppData\Roaming\Adobe
2008-11-13 20:56:41 ----D---- C:\Users\Raul\AppData\Roaming\uTorrent
2008-11-13 18:04:11 ----A---- C:\Windows\system32\msshooks.dll
2008-11-13 18:04:10 ----A---- C:\Windows\system32\msscb.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-13 18:04:09 ----A---- C:\Windows\system32\propsys.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\propdefs.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\msstrc.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\msshsq.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\wsepno.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-13 18:04:08 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\offfilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\tquery.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssvp.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssrch.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssph.dll
2008-11-13 18:01:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-13 18:01:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-13 18:01:15 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-13 18:01:12 ----A---- C:\Windows\system32\gameux.dll
2008-11-13 18:00:54 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-13 18:00:53 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-13 18:00:34 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-13 18:00:34 ----A---- C:\Windows\system32\es.dll
2008-11-13 18:00:32 ----A---- C:\Windows\system32\msxml3.dll
2008-11-13 18:00:31 ----A---- C:\Windows\system32\netapi32.dll
2008-11-13 18:00:01 ----A---- C:\Windows\system32\winload.exe
2008-11-13 18:00:01 ----A---- C:\Windows\system32\kd1394.dll
2008-11-13 18:00:01 ----A---- C:\Windows\system32\ci.dll
2008-11-13 18:00:00 ----A---- C:\Windows\system32\winresume.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srcore.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srclient.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\rstrui.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-13 17:59:42 ----A---- C:\Windows\system32\wersvc.dll
2008-11-13 17:59:42 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-13 17:59:41 ----A---- C:\Windows\system32\win32spl.dll
2008-11-13 17:59:40 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-13 17:59:39 ----A---- C:\Windows\system32\dataclen.dll
2008-11-13 17:59:39 ----A---- C:\Windows\system32\cdd.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\wshext.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\wscript.exe
2008-11-13 17:59:37 ----A---- C:\Windows\system32\vbscript.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\scrrun.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\scrobj.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\jscript.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\cscript.exe
2008-11-13 17:59:36 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-13 17:59:35 ----A---- C:\Windows\system32\quartz.dll
2008-11-13 17:59:18 ----A---- C:\Windows\system32\msxml6.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wups2.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wucltux.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wups.dll
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wudriver.dll
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wuapi.dll
2008-11-13 17:40:49 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-13 17:40:49 ----A---- C:\Windows\system32\wuapp.exe
2008-11-13 16:57:23 ----D---- C:\Program Files\Prolific
2008-11-13 16:34:06 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2008-11-13 16:34:03 ----D---- C:\Program Files\Common Files\Research in Motion
2008-11-13 16:34:02 ----D---- C:\ProgramData\AT&T
2008-11-13 16:34:02 ----D---- C:\Program Files\AT&T
2008-11-13 16:31:26 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-11-13 16:28:58 ----D---- C:\Program Files\Option
2008-11-13 16:28:07 ----D---- C:\Users\Raul\AppData\Roaming\Sierra Wireless
2008-11-13 16:28:07 ----D---- C:\Program Files\Sierra Wireless Inc
2008-11-08 12:17:27 ----D---- C:\Users\Raul\AppData\Roaming\Yahoo!
2008-11-08 12:16:50 ----D---- C:\Users\Raul\AppData\Roaming\funkitron
2008-11-07 15:12:04 ----D---- C:\Users\Raul\AppData\Roaming\PlayFirst
2008-11-07 15:07:52 ----D---- C:\Users\Raul\AppData\Roaming\WildTangent
2008-11-07 15:02:23 ----D---- C:\Users\Raul\AppData\Roaming\Symantec
2008-11-07 15:01:57 ----D---- C:\Users\Raul\AppData\Roaming\Identities
2008-11-07 14:58:38 ----D---- C:\Users\Raul\AppData\Roaming\Macromedia
2008-11-07 14:58:10 ----D---- C:\Users\Raul\AppData\Roaming\Hewlett-Packard
2008-11-07 14:56:06 ----SD---- C:\Users\Raul\AppData\Roaming\Microsoft
2008-11-07 14:56:06 ----D---- C:\Users\Raul\AppData\Roaming\Media Center Programs
2008-11-07 14:51:02 ----D---- C:\Windows\SoftwareDistribution

======List of files/folders modified in the last 3 months======

2009-01-24 02:17:09 ----D---- C:\Windows\Temp
2009-01-24 02:16:42 ----D---- C:\Windows\Prefetch
2009-01-24 00:58:55 ----SHD---- C:\System Volume Information
2009-01-24 00:21:25 ----D---- C:\Windows\tracing
2009-01-22 09:54:08 ----D---- C:\Windows\System32
2009-01-22 09:54:08 ----D---- C:\Windows\inf
2009-01-22 09:54:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-18 16:40:10 ----RA---- C:\Windows\gmer.exe
2009-01-18 16:35:31 ----D---- C:\Windows
2009-01-18 16:35:30 ----D---- C:\Windows\system32\drivers
2009-01-15 09:59:32 ----D---- C:\Windows\winsxs
2009-01-15 03:02:32 ----D---- C:\Windows\system32\catroot
2009-01-15 03:02:30 ----D---- C:\Program Files\Windows Mail
2009-01-14 21:49:44 ----D---- C:\Windows\system32\catroot2
2009-01-14 20:17:12 ----D---- C:\Windows\system32\config
2009-01-14 20:17:07 ----D---- C:\Windows\Tasks
2009-01-14 20:17:07 ----D---- C:\Windows\system32\spool
2009-01-14 20:17:07 ----D---- C:\Windows\system32\Msdtc
2009-01-14 20:17:07 ----D---- C:\Windows\system32\CodeIntegrity
2009-01-14 20:17:05 ----D---- C:\Windows\system32\wbem
2009-01-14 20:17:05 ----D---- C:\Windows\registration
2009-01-14 13:24:51 ----HD---- C:\ProgramData
2009-01-11 10:04:45 ----RD---- C:\Program Files
2009-01-10 18:26:56 ----D---- C:\Program Files\Symantec
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-06 22:21:18 ----SD---- C:\Windows\Downloaded Program Files
2009-01-06 21:46:15 ----D---- C:\Windows\system32\Tasks
2009-01-05 11:21:31 ----D---- C:\ProgramData\Symantec
2009-01-03 23:03:45 ----SHD---- C:\Windows\Installer
2009-01-03 23:02:19 ----D---- C:\Program Files\Common Files
2009-01-03 13:26:24 ----D---- C:\ProgramData\WildTangent
2009-01-03 12:05:02 ----D---- C:\ProgramData\Adobe
2008-12-23 16:00:57 ----D---- C:\Windows\system32\WDI
2008-12-11 12:59:27 ----D---- C:\Windows\rescache
2008-12-11 12:41:52 ----D---- C:\Windows\system32\en-US
2008-12-11 12:41:52 ----D---- C:\Windows\AppPatch
2008-11-27 16:40:43 ----D---- C:\Windows\system32\Macromed
2008-11-20 15:35:34 ----D---- C:\Program Files\HP Games
2008-11-16 19:04:23 ----RSD---- C:\Windows\Fonts
2008-11-16 08:59:46 ----D---- C:\Program Files\HP
2008-11-16 03:07:11 ----D---- C:\Windows\Microsoft.NET
2008-11-16 03:05:15 ----D---- C:\Windows\ehome
2008-11-16 01:41:17 ----D---- C:\Windows\system32\RTCOM
2008-11-16 01:40:44 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 01:23:35 ----D---- C:\Windows\Debug
2008-11-14 17:36:05 ----D---- C:\Windows\system32\NDF
2008-11-13 21:34:31 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-13 21:31:07 ----D---- C:\Program Files\Yahoo!
2008-11-13 19:07:49 ----D---- C:\Windows\Logs
2008-11-13 18:22:50 ----D---- C:\Windows\system32\migration
2008-11-13 18:08:53 ----D---- C:\Windows\PolicyDefinitions
2008-11-13 18:08:49 ----D---- C:\Windows\system32\Boot
2008-11-13 18:07:54 ----D---- C:\Program Files\Norton Internet Security
2008-11-13 18:07:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-13 16:51:41 ----D---- C:\Windows\ModemLogs
2008-11-08 11:36:31 ----HD---- C:\hp
2008-11-07 15:03:05 ----D---- C:\ProgramData\Hewlett-Packard
2008-11-07 15:02:15 ----SHD---- C:\$Recycle.Bin
2008-11-07 15:01:44 ----D---- C:\Windows\system
2008-11-07 14:56:54 ----D---- C:\Windows\system32\restore
2008-11-07 14:56:46 ----RD---- C:\Program Files\Online Services
2008-11-07 14:56:14 ----D---- C:\Windows\SMINST
2008-11-07 14:56:05 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2098-01-01 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvix86.sys [2008-10-03 270384]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-05-23 32160]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\Windows\system32\DRIVERS\swnc8u80.sys [2008-01-10 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\Windows\system32\DRIVERS\swumx80.sys [2008-01-10 142976]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-10 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2098-01-01 99376]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-01-20 85969]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090105.009\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090105.009\NAVEX15.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2008-05-23 27072]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-02-12 75776]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-11-13 26504]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-13 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-05-23 106496]
R3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2008-05-23 118784]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-12-20 242424]
S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 24th, 2009, 4:55 am

Please check if you can find info.txt from c:\rsit folder :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 27th, 2009, 12:06 am

YES I FOUND IT THANKS.... :bom:


info.txt logfile of random's system information tool 1.05 2008-12-27 19:41:36

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LUXOR - Quest for the Afterlife\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AT&T Communication Manager-->MsiExec.exe /X{0D8363B3-74C6-4F66-86D0-7250F02FC5DF}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Installer-->MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Motorola Driver Installation-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Mah-jong-->C:\Program Files\Tencent\QQ Games\QQ Mah-jong\Uninstall.EXE
QQ Match Master-->C:\Program Files\Tencent\QQ Games\QQ Match Master\Uninstall.EXE
QQ Pool-->C:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QQ Robo-->C:\Program Files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
QQ Texas Hold'em-->C:\Program Files\Tencent\QQ Games\QQ Texas Holdem\Uninstall.EXE
QQ Treasure Hunter-->C:\Program Files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security

System event log

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the running state.
Record Number: 19189
Source Name: Service Control Manager
Time Written: 20081227231837.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.
Record Number: 19190
Source Name: Service Control Manager
Time Written: 20081227231913.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the running state.
Record Number: 19191
Source Name: Service Control Manager
Time Written: 20081228001358.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.
Record Number: 19192
Source Name: Service Control Manager
Time Written: 20081228001500.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The Windows CardSpace service entered the running state.
Record Number: 19193
Source Name: Service Control Manager
Time Written: 20081228003753.000000-000
Event Type: Information
User:

Application event log

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

Scheduler launched Automatic LiveUpdate.
Record Number: 6293
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081228001401.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

Automatic LiveUpdate has terminated.
Record Number: 6294
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081228001501.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

The next run has been scheduled to occur at approximately 8:10 PM.
Record Number: 6295
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081228001501.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 0
Message: Service started successfully.
Record Number: 6296
Source Name: idsvc
Time Written: 20081228003753.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 6297
Source Name: LightScribeService
Time Written: 20081228004136.000000-000
Event Type: Information
User:

Security event log

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228004134.313300-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228004134.344500-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228004134.360100-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2867
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228004134.391300-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 2868
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228004134.406900-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services

-----------------EOF-----------------
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 27th, 2009, 2:12 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Limewire 4.18.8

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder.

Please run a new RSIT scan when finished and post the log back here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 27th, 2009, 10:49 pm

Here is the log if you need the info again just tell me. :cheese:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Raul at 2009-01-27 21:45:59
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 373 GB (80%) free of 467 GB
Total RAM: 3062 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:13 PM, on 1/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Raul\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Raul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Norton Account Alert] "C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe" /ForkThenQuit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_35.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photogra.com/uploadtool-Xv3/ ... oader3.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_33.cab
O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_15.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_32.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/ ... 0_0_48.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9079 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Raul.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
""= []
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-06-09 33280]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-25 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-25 133656]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2008-06-02 178712]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Norton Account Alert"=C:\Program Files\Common Files\Symantec Shared\SymNAC\SymNAC.exe [2008-05-06 361840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe"="C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-18 16:35:31 ----A---- C:\Windows\gmer.ini
2009-01-18 16:35:30 ----A---- C:\Windows\gmer_uninstall.cmd
2009-01-18 16:35:30 ----A---- C:\Windows\gmer.dll
2009-01-14 13:24:51 ----D---- C:\ProgramData\AppData
2009-01-11 10:05:23 ----D---- C:\Windows\Minidump
2009-01-04 01:02:06 ----AD---- C:\ProgramData\TEMP
2009-01-04 01:02:02 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2009-01-04 01:02:00 ----D---- C:\Program Files\SpywareBlaster
2009-01-03 23:03:07 ----D---- C:\ProgramData\Lavasoft
2009-01-03 23:03:07 ----D---- C:\Program Files\Lavasoft
2009-01-03 23:02:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-03 22:02:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-03 22:02:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 19:02:14 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-03 12:06:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-02 23:02:01 ----A---- C:\Windows\smartkeydiagnostics.txt
2009-01-02 23:01:20 ----D---- C:\Users\Raul\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-02 22:49:32 ----D---- C:\Program Files\Panda Security
2009-01-02 22:49:13 ----D---- C:\Windows\BDOSCAN8
2009-01-02 22:44:10 ----D---- C:\Program Files\Common Files\Adobe
2009-01-02 22:44:10 ----D---- C:\Program Files\Adobe
2009-01-02 22:18:34 ----D---- C:\ProgramData\NOS
2009-01-02 22:18:33 ----D---- C:\Program Files\NOS
2009-01-02 22:17:31 ----A---- C:\Windows\system32\javaws.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\javaw.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\java.exe
2009-01-02 22:17:31 ----A---- C:\Windows\system32\deploytk.dll
2009-01-02 22:17:16 ----D---- C:\Program Files\Java
2008-12-29 14:17:44 ----D---- C:\Users\Raul\AppData\Roaming\Google
2008-12-29 14:15:18 ----D---- C:\Program Files\Google
2008-12-29 12:56:35 ----D---- C:\Users\Raul\AppData\Roaming\ZoomBrowser EX
2008-12-27 20:12:40 ----D---- C:\ProgramData\ZoomBrowser
2008-12-27 20:12:24 ----D---- C:\Program Files\Canon
2008-12-27 20:11:33 ----D---- C:\Program Files\Common Files\Canon
2008-12-27 19:41:26 ----D---- C:\rsit
2008-12-26 15:08:26 ----D---- C:\Users\Raul\AppData\Roaming\Malwarebytes
2008-12-26 15:08:12 ----D---- C:\ProgramData\Malwarebytes
2008-12-26 15:08:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-23 13:05:32 ----D---- C:\Users\Raul\AppData\Roaming\Walgreens
2008-12-21 01:15:11 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 01:22:57 ----D---- C:\Users\Raul\AppData\Roaming\Move Networks
2008-12-13 07:33:21 ----D---- C:\Program Files\Trend Micro
2008-12-11 12:39:05 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 20:44:57 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 20:44:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 20:44:13 ----A---- C:\Windows\explorer.exe
2008-12-10 20:42:31 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 20:38:32 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 20:38:01 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 20:38:01 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 20:38:00 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 20:37:59 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 20:37:23 ----A---- C:\Windows\system32\mf.dll
2008-12-10 20:37:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 20:37:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 20:37:21 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 16:16:46 ----A---- C:\FtpCmd.txt
2008-11-27 17:05:21 ----D---- C:\Users\Raul\AppData\Roaming\QQ Games Plugin
2008-11-27 17:03:05 ----D---- C:\Users\Raul\AppData\Roaming\Tencent
2008-11-27 17:03:05 ----D---- C:\Users\Raul\AppData\Roaming\QQ Games
2008-11-27 17:02:46 ----D---- C:\Program Files\Tencent
2008-11-27 17:02:18 ----D---- C:\Users\Raul\AppData\Roaming\acccore
2008-11-27 17:01:49 ----D---- C:\Program Files\AIMTunes
2008-11-27 17:01:24 ----D---- C:\ProgramData\AOL Downloads
2008-11-27 17:01:22 ----A---- C:\Windows\atid.ini
2008-11-27 17:01:04 ----D---- C:\ProgramData\Viewpoint
2008-11-27 17:01:03 ----D---- C:\ProgramData\acccore
2008-11-27 17:01:03 ----D---- C:\Program Files\Viewpoint
2008-11-27 17:00:54 ----D---- C:\ProgramData\AOL OCP
2008-11-27 17:00:54 ----D---- C:\ProgramData\AOL
2008-11-27 17:00:40 ----D---- C:\Program Files\Common Files\AOL
2008-11-27 17:00:03 ----D---- C:\Program Files\AIM6
2008-11-27 16:34:08 ----D---- C:\Users\Raul\AppData\Roaming\Mozilla
2008-11-27 16:33:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 04:26:28 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 04:26:27 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 04:26:26 ----A---- C:\Windows\system32\connect.dll
2008-11-25 19:45:48 ----D---- C:\Program Files\DivX
2008-11-24 20:28:39 ----D---- C:\ProgramData\PopCap Games
2008-11-20 15:37:10 ----D---- C:\Users\Raul\AppData\Roaming\7Wonders
2008-11-18 23:24:37 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-18 16:58:03 ----D---- C:\Users\Raul\AppData\Roaming\Template
2008-11-16 18:59:44 ----D---- C:\Program Files\Karaoke5
2008-11-16 18:56:49 ----D---- C:\Users\Raul\AppData\Roaming\LimeWire
2008-11-16 18:21:15 ----D---- C:\Users\Raul\AppData\Roaming\GanymedeNet
2008-11-16 18:18:57 ----D---- C:\Program Files\Ganymede
2008-11-16 01:42:58 ----D---- C:\Temp
2008-11-16 01:41:39 ----A---- C:\Windows\RTKAUDIOSERVICE.EXE
2008-11-16 01:40:47 ----A---- C:\Windows\DIFxAPI.dll
2008-11-16 01:40:44 ----D---- C:\Program Files\Realtek
2008-11-16 01:40:44 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-11-16 01:40:44 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-11-16 01:40:44 ----A---- C:\Windows\RtlUpd.exe
2008-11-16 01:40:44 ----A---- C:\Windows\RtHDVCpl.exe
2008-11-16 01:40:44 ----A---- C:\Windows\HideWin.exe
2008-11-16 01:40:43 ----A---- C:\Windows\RtlExUpd.dll
2008-11-16 01:32:52 ----D---- C:\Users\Raul\AppData\Roaming\InstallShield
2008-11-16 01:32:47 ----D---- C:\Users\Raul\AppData\Roaming\WinBatch
2008-11-16 01:25:36 ----D---- C:\Windows\system32\x64
2008-11-16 01:22:37 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-16 01:22:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-16 01:22:27 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-16 01:22:06 ----A---- C:\Windows\system32\EncDec.dll
2008-11-16 01:22:05 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-13 23:35:03 ----D---- C:\ProgramData\MumboJumbo
2008-11-13 21:34:29 ----D---- C:\Windows\PCHEALTH
2008-11-13 21:34:29 ----D---- C:\Program Files\MSN Messenger
2008-11-13 21:31:07 ----D---- C:\ProgramData\Yahoo!
2008-11-13 21:27:19 ----D---- C:\Users\Raul\AppData\Roaming\Adobe
2008-11-13 20:56:41 ----D---- C:\Users\Raul\AppData\Roaming\uTorrent
2008-11-13 18:04:11 ----A---- C:\Windows\system32\msshooks.dll
2008-11-13 18:04:10 ----A---- C:\Windows\system32\msscb.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-13 18:04:09 ----A---- C:\Windows\system32\propsys.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\propdefs.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\msstrc.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\msshsq.dll
2008-11-13 18:04:09 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\wsepno.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-13 18:04:08 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\offfilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-13 18:04:08 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\tquery.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssvp.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssrch.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-13 18:04:07 ----A---- C:\Windows\system32\mssph.dll
2008-11-13 18:01:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-13 18:01:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-13 18:01:15 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-13 18:01:12 ----A---- C:\Windows\system32\gameux.dll
2008-11-13 18:00:54 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-13 18:00:53 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-13 18:00:34 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-13 18:00:34 ----A---- C:\Windows\system32\es.dll
2008-11-13 18:00:32 ----A---- C:\Windows\system32\msxml3.dll
2008-11-13 18:00:31 ----A---- C:\Windows\system32\netapi32.dll
2008-11-13 18:00:01 ----A---- C:\Windows\system32\winload.exe
2008-11-13 18:00:01 ----A---- C:\Windows\system32\kd1394.dll
2008-11-13 18:00:01 ----A---- C:\Windows\system32\ci.dll
2008-11-13 18:00:00 ----A---- C:\Windows\system32\winresume.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srcore.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\srclient.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-11-13 17:59:59 ----A---- C:\Windows\system32\rstrui.exe
2008-11-13 17:59:59 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-13 17:59:42 ----A---- C:\Windows\system32\wersvc.dll
2008-11-13 17:59:42 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-13 17:59:41 ----A---- C:\Windows\system32\win32spl.dll
2008-11-13 17:59:40 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-13 17:59:39 ----A---- C:\Windows\system32\dataclen.dll
2008-11-13 17:59:39 ----A---- C:\Windows\system32\cdd.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\wshext.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\wscript.exe
2008-11-13 17:59:37 ----A---- C:\Windows\system32\vbscript.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\scrrun.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\scrobj.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\jscript.dll
2008-11-13 17:59:37 ----A---- C:\Windows\system32\cscript.exe
2008-11-13 17:59:36 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-13 17:59:35 ----A---- C:\Windows\system32\quartz.dll
2008-11-13 17:59:18 ----A---- C:\Windows\system32\msxml6.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wups2.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wucltux.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-13 17:41:06 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wups.dll
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wudriver.dll
2008-11-13 17:40:53 ----A---- C:\Windows\system32\wuapi.dll
2008-11-13 17:40:49 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-13 17:40:49 ----A---- C:\Windows\system32\wuapp.exe
2008-11-13 16:57:23 ----D---- C:\Program Files\Prolific
2008-11-13 16:34:06 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2008-11-13 16:34:03 ----D---- C:\Program Files\Common Files\Research in Motion
2008-11-13 16:34:02 ----D---- C:\ProgramData\AT&T
2008-11-13 16:34:02 ----D---- C:\Program Files\AT&T
2008-11-13 16:31:26 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-11-13 16:28:58 ----D---- C:\Program Files\Option
2008-11-13 16:28:07 ----D---- C:\Users\Raul\AppData\Roaming\Sierra Wireless
2008-11-13 16:28:07 ----D---- C:\Program Files\Sierra Wireless Inc
2008-11-08 12:17:27 ----D---- C:\Users\Raul\AppData\Roaming\Yahoo!
2008-11-08 12:16:50 ----D---- C:\Users\Raul\AppData\Roaming\funkitron
2008-11-07 15:12:04 ----D---- C:\Users\Raul\AppData\Roaming\PlayFirst
2008-11-07 15:07:52 ----D---- C:\Users\Raul\AppData\Roaming\WildTangent
2008-11-07 15:02:23 ----D---- C:\Users\Raul\AppData\Roaming\Symantec
2008-11-07 15:01:57 ----D---- C:\Users\Raul\AppData\Roaming\Identities
2008-11-07 14:58:38 ----D---- C:\Users\Raul\AppData\Roaming\Macromedia
2008-11-07 14:58:10 ----D---- C:\Users\Raul\AppData\Roaming\Hewlett-Packard
2008-11-07 14:56:06 ----SD---- C:\Users\Raul\AppData\Roaming\Microsoft
2008-11-07 14:56:06 ----D---- C:\Users\Raul\AppData\Roaming\Media Center Programs
2008-11-07 14:51:02 ----D---- C:\Windows\SoftwareDistribution

======List of files/folders modified in the last 3 months======

2009-01-27 21:46:10 ----D---- C:\Windows\Prefetch
2009-01-27 21:46:02 ----D---- C:\Windows\Temp
2009-01-27 21:43:46 ----RD---- C:\Program Files
2009-01-27 21:37:00 ----D---- C:\Windows\tracing
2009-01-27 20:41:30 ----SHD---- C:\System Volume Information
2009-01-26 22:45:09 ----D---- C:\ProgramData\Symantec
2009-01-26 22:34:43 ----D---- C:\Windows\System32
2009-01-26 22:34:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-26 22:34:42 ----D---- C:\Windows\inf
2009-01-25 12:14:58 ----D---- C:\ProgramData\WildTangent
2009-01-18 16:40:10 ----RA---- C:\Windows\gmer.exe
2009-01-18 16:35:31 ----D---- C:\Windows
2009-01-18 16:35:30 ----D---- C:\Windows\system32\drivers
2009-01-15 09:59:32 ----D---- C:\Windows\winsxs
2009-01-15 03:02:32 ----D---- C:\Windows\system32\catroot
2009-01-15 03:02:30 ----D---- C:\Program Files\Windows Mail
2009-01-14 21:49:44 ----D---- C:\Windows\system32\catroot2
2009-01-14 20:17:12 ----D---- C:\Windows\system32\config
2009-01-14 20:17:07 ----D---- C:\Windows\Tasks
2009-01-14 20:17:07 ----D---- C:\Windows\system32\spool
2009-01-14 20:17:07 ----D---- C:\Windows\system32\Msdtc
2009-01-14 20:17:07 ----D---- C:\Windows\system32\CodeIntegrity
2009-01-14 20:17:05 ----D---- C:\Windows\system32\wbem
2009-01-14 20:17:05 ----D---- C:\Windows\registration
2009-01-14 13:24:51 ----HD---- C:\ProgramData
2009-01-10 18:26:56 ----D---- C:\Program Files\Symantec
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-06 22:21:18 ----SD---- C:\Windows\Downloaded Program Files
2009-01-06 21:46:15 ----D---- C:\Windows\system32\Tasks
2009-01-03 23:03:45 ----SHD---- C:\Windows\Installer
2009-01-03 23:02:19 ----D---- C:\Program Files\Common Files
2009-01-03 12:05:02 ----D---- C:\ProgramData\Adobe
2008-12-23 16:00:57 ----D---- C:\Windows\system32\WDI
2008-12-11 12:59:27 ----D---- C:\Windows\rescache
2008-12-11 12:41:52 ----D---- C:\Windows\system32\en-US
2008-12-11 12:41:52 ----D---- C:\Windows\AppPatch
2008-11-27 16:40:43 ----D---- C:\Windows\system32\Macromed
2008-11-20 15:35:34 ----D---- C:\Program Files\HP Games
2008-11-16 19:04:23 ----RSD---- C:\Windows\Fonts
2008-11-16 08:59:46 ----D---- C:\Program Files\HP
2008-11-16 03:07:11 ----D---- C:\Windows\Microsoft.NET
2008-11-16 03:05:15 ----D---- C:\Windows\ehome
2008-11-16 01:41:17 ----D---- C:\Windows\system32\RTCOM
2008-11-16 01:40:44 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 01:23:35 ----D---- C:\Windows\Debug
2008-11-14 17:36:05 ----D---- C:\Windows\system32\NDF
2008-11-13 21:34:31 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-13 21:31:07 ----D---- C:\Program Files\Yahoo!
2008-11-13 19:07:49 ----D---- C:\Windows\Logs
2008-11-13 18:22:50 ----D---- C:\Windows\system32\migration
2008-11-13 18:08:53 ----D---- C:\Windows\PolicyDefinitions
2008-11-13 18:08:49 ----D---- C:\Windows\system32\Boot
2008-11-13 18:07:54 ----D---- C:\Program Files\Norton Internet Security
2008-11-13 18:07:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-13 16:51:41 ----D---- C:\Windows\ModemLogs
2008-11-08 11:36:31 ----HD---- C:\hp
2008-11-07 15:03:05 ----D---- C:\ProgramData\Hewlett-Packard
2008-11-07 15:02:15 ----SHD---- C:\$Recycle.Bin
2008-11-07 15:01:44 ----D---- C:\Windows\system
2008-11-07 14:56:54 ----D---- C:\Windows\system32\restore
2008-11-07 14:56:46 ----RD---- C:\Program Files\Online Services
2008-11-07 14:56:14 ----D---- C:\Windows\SMINST
2008-11-07 14:56:05 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2098-01-01 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvix86.sys [2008-10-03 270384]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-05-23 32160]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\Windows\system32\DRIVERS\swnc8u80.sys [2008-01-10 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\Windows\system32\DRIVERS\swumx80.sys [2008-01-10 142976]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-10 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2098-01-01 99376]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-01-20 85969]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090105.009\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090105.009\NAVEX15.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2008-05-23 27072]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-02-12 75776]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-11-13 26504]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-19 79136]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-13 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-05-23 106496]
R3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2008-05-23 118784]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-12-20 242424]
S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby Shaba » January 28th, 2009, 5:34 am

Yes, please post also a fresh info.txt :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My HIJACKTHIS LOGFILE REPORT

Unread postby lala82 » January 29th, 2009, 1:15 am

SURE THING BOSS.... :king:


info.txt logfile of random's system information tool 1.05 2009-01-27 21:46:14

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LUXOR - Quest for the Afterlife\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AT&T Communication Manager-->MsiExec.exe /X{0D8363B3-74C6-4F66-86D0-7250F02FC5DF}
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Installer-->MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /I{9A379E7A-22ED-44FF-9293-E393D704505D}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Motorola Driver Installation-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QQ BlackJack-->C:\Program Files\Tencent\QQ Games\QQ BlackJack\Uninstall.EXE
QQ Bubble Arena-->C:\Program Files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Hearts-->C:\Program Files\Tencent\QQ Games\QQ Hearts\Uninstall.EXE
QQ Mah-jong-->C:\Program Files\Tencent\QQ Games\QQ Mah-jong\Uninstall.EXE
QQ Match Master-->C:\Program Files\Tencent\QQ Games\QQ Match Master\Uninstall.EXE
QQ Pool-->C:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QQ Puzzle Dasher-->C:\Program Files\Tencent\QQ Games\QQ PuzzleDasher\Uninstall.EXE
QQ Robo-->C:\Program Files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
QQ Texas Hold'em-->C:\Program Files\Tencent\QQ Games\QQ Texas Holdem\Uninstall.EXE
QQ Treasure Hunter-->C:\Program Files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security (disabled) (outdated)

System event log

Computer Name: Raul-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 26612
Source Name: Service Control Manager
Time Written: 20090128020743.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the running state.
Record Number: 26613
Source Name: Service Control Manager
Time Written: 20090128022137.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.
Record Number: 26614
Source Name: Service Control Manager
Time Written: 20090128022203.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 26615
Source Name: Service Control Manager
Time Written: 20090128022413.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 7036
Message: The Windows CardSpace service entered the running state.
Record Number: 26616
Source Name: Service Control Manager
Time Written: 20090128022924.000000-000
Event Type: Information
User:

Application event log

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

Scheduler launched Automatic LiveUpdate.
Record Number: 9704
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090128022140.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

Automatic LiveUpdate has terminated.
Record Number: 9705
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090128022206.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 101
Message: Informasjonsnivå: success

The next run has been scheduled to occur at approximately 10:26 PM.
Record Number: 9706
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090128022206.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Raul-PC
Event Code: 0
Message: Service started successfully.
Record Number: 9707
Source Name: idsvc
Time Written: 20090128022924.000000-000
Event Type: Information
User:

Computer Name: Raul-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 9708
Source Name: LightScribeService
Time Written: 20090128024614.000000-000
Event Type: Information
User:

Security event log

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4504
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128024612.367200-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4505
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128024612.398400-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4506
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128024612.429600-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4507
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128024612.445200-000
Event Type: Audit Failure
User:

Computer Name: Raul-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4508
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090128024612.476400-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services

-----------------EOF-----------------
lala82
Regular Member
 
Posts: 20
Joined: December 13th, 2008, 8:40 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 67 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware