Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

my browser has been hijacked - log included

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

my browser has been hijacked - log included

Unread postby avis101 » June 4th, 2009, 1:11 pm

my browser has been hijacked; it redirects the page. Also, my backup manager nor system restore on my vista system will work anymore. will not go back to a restore point or backup my files. the following is the logfile. please let me know what i should do...i dont want to mess anything up anymore than it is.

thank you for your help...
avis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:25 PM, on 6/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avisganis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Resurections] C:\Users\AviG\AppData\Local\Temp\cwcagc4yi.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\AviG\AppData\Local\Temp\3740162596.exe
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\AviG\winlogon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\AviG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12242 bytes
avis101
Active Member
 
Posts: 4
Joined: June 4th, 2009, 12:50 pm
Advertisement
Register to Remove

Re: my browser has been hijacked - log included

Unread postby Sharagoz » June 7th, 2009, 2:03 pm

Hello avis101, welcome to MWR
Please take note of the following before we begin the cleaning process:
  • The whole process will usually take at least a week complete, sometimes several weeks depending on the severity of the infection and how promptly you and me are able to reply, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Dont be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

The first thing you should do is to subscribe to this topic.
In the top left corner of your opening post there is a link called Subscribe topic. If you click it you will be subscribed to this thread and will receive instant email notification of new replies. Most find that this works better than periodically checking back here to see if there's any new posts.

The second thing you should do is to take a backup of everything you have on the computer that's important not to lose.
I will do my best to ensure a safe removal procedure, but it does happen on rare occations that computers does not make it through disinfection and must be reinstalled.

Download and run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop
  • Double click on RSIT.exe to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

Have you run any scans yourself before you posted here? If so, which ones?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: my browser has been hijacked - log included

Unread postby avis101 » June 10th, 2009, 4:26 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by AviG at 2009-06-10 16:12:36
Microsoft® Windows Vista™ Home Premium
System drive C: has 9 GB (6%) free of 146 GB
Total RAM: 2037 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:55 PM, on 6/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\AviG\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\AviG\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AviG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AviG.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avisganis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\AviG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11820 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for AviG.job
C:\Windows\tasks\User_Feed_Synchronization-{11B2D312-AAC6-4FB8-AC76-E39633170B3F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-30 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-17 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-24 167936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe []
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-28 46704]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-11 136600]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-26 131072]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-26 151552]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-26 126976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-30 1947928]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2007-04-06 22528]
""= []
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-26 200704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3850ae35-9893-11dd-b774-d0d79e4ad6f2}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4046a328-4445-11dd-b6d2-001b24132558}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{733f23b8-557a-11dc-a2a9-001b24132558}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65c0f7a-c49e-11dc-af1d-001b24132558}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-06-10 16:12:36 ----D---- C:\rsit
2009-06-04 12:38:52 ----D---- C:\Program Files\Trend Micro
2009-06-04 10:32:40 ----D---- C:\Users\AviG\AppData\Roaming\Malwarebytes
2009-06-04 10:32:34 ----D---- C:\ProgramData\Malwarebytes
2009-06-04 10:32:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 02:33:01 ----D---- C:\Users\AviG\AppData\Roaming\TigerPlayer
2009-05-28 02:32:19 ----D---- C:\Program Files\MpcStar
2009-05-28 01:17:45 ----D---- C:\Downloads
2009-05-28 01:17:35 ----D---- C:\Program Files\BitComet
2009-05-27 23:32:37 ----D---- C:\Program Files\Mozilla Firefox
2009-05-27 23:32:36 ----D---- C:\ProgramData\Azureus
2009-05-27 23:32:33 ----D---- C:\Users\AviG\AppData\Roaming\Azureus
2009-05-27 23:01:12 ----D---- C:\Users\AviG\AppData\Roaming\uTorrent
2009-05-04 01:27:20 ----D---- C:\Users\AviG\AppData\Roaming\FileZilla
2009-05-04 01:27:10 ----D---- C:\Program Files\FileZilla FTP Client
2009-05-02 15:55:05 ----D---- C:\Program Files\Norton Security Scan
2009-04-29 22:56:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-04-28 23:26:37 ----D---- C:\Users\AviG\AppData\Roaming\Download Manager
2009-04-20 15:34:40 ----D---- C:\Program Files\Carbonite
2009-04-18 05:25:09 ----A---- C:\Windows\system32\mshtml.dll
2009-04-18 05:25:08 ----A---- C:\Windows\system32\ieframe.dll
2009-04-18 05:25:07 ----A---- C:\Windows\system32\urlmon.dll
2009-04-18 05:25:07 ----A---- C:\Windows\system32\iertutil.dll
2009-04-18 05:25:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-18 05:25:07 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\wininet.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\occache.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\ieencode.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-18 05:25:06 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\mstime.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-18 05:25:05 ----A---- C:\Windows\system32\ieui.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\iesetup.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\iernonce.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-18 05:25:05 ----A---- C:\Windows\system32\icardie.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\advpack.dll
2009-04-18 05:25:05 ----A---- C:\Windows\system32\admparse.dll
2009-04-18 05:25:04 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-18 05:25:04 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-18 05:25:04 ----A---- C:\Windows\system32\ieakui.dll
2009-04-17 16:43:17 ----A---- C:\Windows\system32\rpcss.dll
2009-04-17 16:43:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-17 16:43:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-17 16:43:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-17 16:43:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-17 16:43:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-17 16:43:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-17 16:43:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-17 16:43:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-17 05:04:11 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-17 05:04:09 ----A---- C:\Windows\system32\kernel32.dll
2009-04-17 05:04:08 ----A---- C:\Windows\system32\secur32.dll
2009-04-17 05:04:08 ----A---- C:\Windows\system32\lsass.exe
2009-04-17 05:04:08 ----A---- C:\Windows\system32\apilogen.dll
2009-04-17 05:04:08 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 18:37:26 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 18:37:26 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 18:34:43 ----A---- C:\Windows\system32\winhttp.dll
2009-04-13 16:33:43 ----D---- C:\Program Files\AbiSuite2
2009-04-07 19:19:10 ----D---- C:\Program Files\AT&T
2009-04-07 18:58:31 ----D---- C:\Program Files\Common Files\Research In Motion
2009-04-07 18:58:30 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2009-03-17 20:27:48 ----D---- C:\Program Files\LimeWire
2009-03-11 13:32:05 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 13:32:03 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 13:32:02 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 13:32:02 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 13:30:18 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 3 months======

2009-06-10 16:12:50 ----D---- C:\Windows\Prefetch
2009-06-10 16:12:41 ----D---- C:\Windows\Temp
2009-06-10 12:56:31 ----D---- C:\Windows\System32
2009-06-10 12:56:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-09 14:19:59 ----HD---- C:\$AVG8.VAULT$
2009-06-09 14:14:57 ----D---- C:\Windows\system32\drivers
2009-06-08 22:01:27 ----D---- C:\Users\AviG\AppData\Roaming\ZoomBrowser EX
2009-06-06 08:07:52 ----D---- C:\Users\AviG\AppData\Roaming\LimeWire
2009-06-05 00:44:56 ----D---- C:\ProgramData\avg8
2009-06-04 14:26:42 ----D---- C:\WINDOWS
2009-06-04 14:26:23 ----D---- C:\Program Files\Google
2009-06-04 12:38:52 ----RD---- C:\Program Files
2009-06-04 10:32:34 ----HD---- C:\ProgramData
2009-06-04 02:01:48 ----D---- C:\Program Files\Unity
2009-06-04 02:01:17 ----D---- C:\Windows\Tasks
2009-06-04 02:00:49 ----SHD---- C:\Windows\Installer
2009-05-30 20:26:26 ----D---- C:\Users\AviG\AppData\Roaming\Nikon
2009-05-30 20:25:46 ----D---- C:\Users\AviG\AppData\Roaming\Adobe
2009-05-30 20:00:32 ----D---- C:\preload
2009-05-30 20:00:32 ----D---- C:\$$folder_140
2009-05-30 18:49:27 ----D---- C:\Users\AviG\AppData\Roaming\skypePM
2009-05-30 18:49:26 ----D---- C:\Users\AviG\AppData\Roaming\PandoraRecovery
2009-05-30 18:43:38 ----HD---- C:\System.sav
2009-05-30 18:41:21 ----D---- C:\Program Files\Windows Media Player
2009-05-30 18:40:22 ----D---- C:\Program Files\QuickTime
2009-05-30 18:40:20 ----D---- C:\Program Files\PC Tools AntiVirus
2009-05-30 18:40:20 ----D---- C:\Program Files\Pandora Recovery
2009-05-30 18:40:13 ----D---- C:\Program Files\My Flash Recovery
2009-05-30 18:39:34 ----D---- C:\Program Files\Microsoft Works
2009-05-30 17:53:00 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2009-05-30 17:52:26 ----D---- C:\8a590e8cf77dd18e5dcdfd
2009-05-30 15:04:53 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-30 14:10:34 ----D---- C:\Users\AviG\AppData\Roaming\PC Tools
2009-05-30 14:10:03 ----D---- C:\Program Files\HP Games
2009-05-30 12:48:57 ----SHD---- C:\System Volume Information
2009-05-28 00:41:14 ----D---- C:\Windows\inf
2009-05-28 00:32:55 ----D---- C:\Program Files\Common Files
2009-05-28 00:04:19 ----SD---- C:\Windows\Downloaded Program Files
2009-05-23 21:35:03 ----D---- C:\ProgramData\ZoomBrowser
2009-05-23 21:32:54 ----D---- C:\Windows\system32\Tasks
2009-05-23 21:26:00 ----AD---- C:\ProgramData\TEMP
2009-05-23 08:29:18 ----D---- C:\Windows\system32\Adobe
2009-05-22 23:22:28 ----RSD---- C:\Windows\Fonts
2009-05-20 05:16:41 ----D---- C:\Windows\winsxs
2009-05-15 05:50:56 ----D---- C:\Windows\system32\catroot2
2009-05-15 03:07:43 ----D---- C:\ProgramData\Microsoft Help
2009-05-15 03:07:42 ----RSD---- C:\Windows\assembly
2009-05-15 03:02:20 ----D---- C:\Windows\system32\catroot
2009-05-15 03:02:12 ----D---- C:\Program Files\Windows Mail
2009-05-07 03:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-05-07 01:56:28 ----D---- C:\Windows\system32\wbem
2009-05-07 01:55:38 ----D---- C:\Windows\system32\config
2009-05-07 01:54:24 ----D---- C:\Windows\system32\spool
2009-05-07 01:54:14 ----D---- C:\ProgramData\HP Product Assistant
2009-05-07 01:54:07 ----D---- C:\Windows\registration
2009-05-02 15:55:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-02 12:54:23 ----D---- C:\Windows\system32\Macromed
2009-04-29 23:04:24 ----D---- C:\ProgramData\Adobe
2009-04-29 23:01:02 ----D---- C:\Program Files\Common Files\Adobe
2009-04-29 23:00:46 ----D---- C:\Program Files\Adobe
2009-04-20 16:59:11 ----D---- C:\ProgramData\WildTangent
2009-04-20 13:57:49 ----D---- C:\Users\AviG\AppData\Roaming\acccore
2009-04-20 13:57:43 ----D---- C:\Program Files\Yahoo!
2009-04-20 13:57:43 ----D---- C:\Program Files\Windows Live
2009-04-20 13:57:43 ----D---- C:\Program Files\Symantec
2009-04-20 13:57:43 ----D---- C:\Program Files\Sierra Wireless Inc
2009-04-20 13:57:41 ----D---- C:\Program Files\Option
2009-04-20 13:57:41 ----D---- C:\Program Files\Novatel Wireless
2009-04-20 13:57:41 ----D---- C:\Program Files\Lavasoft
2009-04-20 13:57:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-20 13:57:32 ----D---- C:\Program Files\HP Connections
2009-04-20 13:57:30 ----D---- C:\Program Files\Hewlett-Packard
2009-04-20 13:57:22 ----D---- C:\Program Files\FriendFinder
2009-04-20 13:57:22 ----D---- C:\Program Files\Disc2Phone
2009-04-20 13:57:22 ----D---- C:\Program Files\CONEXANT
2009-04-20 03:12:59 ----D---- C:\Windows\system32\migration
2009-04-20 03:12:59 ----D---- C:\Program Files\Internet Explorer
2009-04-20 03:12:53 ----D---- C:\Windows\AppPatch
2009-04-18 03:07:47 ----D---- C:\Windows\system32\manifeststore
2009-04-07 19:01:07 ----D---- C:\ProgramData\AT&T
2009-03-30 21:48:20 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-30 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-30 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-30 108552]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PDIHWCTL;PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [2007-01-25 14416]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-16 14208]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 1608192]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-03-06 32160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-17 82432]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-01-03 26504]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12); C:\Windows\system32\DRIVERS\swnc8u12.sys [2007-06-27 101248]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12); C:\Windows\system32\DRIVERS\swumx12.sys [2007-06-27 73856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-16 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 i1;eye-one; C:\Windows\system32\DRIVERS\i1.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 1608192]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-30 908568]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-30 298776]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-20 72704]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe []
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc []
S3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-29 655624]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------













info.txt logfile of random's system information tool 1.06 2009-06-10 16:13:03

======Uninstall list======

-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
AbiWord 2.6.8-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
AT&T Communication Manager-->MsiExec.exe /X{9C41CC3E-CB42-451F-9444-BA75FB12C0AC}
AT&T Communication Manager-->MsiExec.exe /X{D73F386A-A580-40AF-9FED-BEE0D66E2FE5}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -IwisR30B7.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Driver Installer-->MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Participation Program 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics-->MsiExec.exe /I{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guide 0048-->MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Flash Recovery-->"C:\Program Files\My Flash Recovery\unins000.exe"
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon RAW Codec-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}\Setup.exe" -l0x9 -removeonly
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{6FF543AB-99B3-4120-902C-70A38314ABD8}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

======System event log======

Computer Name: AviG-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D29EC2C9. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 309306
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090610193515.000000-000
Event Type: Warning
User:

Computer Name: AviG-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D29EC2C9. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 309315
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090610194334.000000-000
Event Type: Warning
User:

Computer Name: AviG-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00A0D5FFFF85. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 309320
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090610194530.000000-000
Event Type: Warning
User:

Computer Name: AviG-PC
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 309322
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090610194921.000000-000
Event Type: Error
User:

Computer Name: AviG-PC
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 309325
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090610194924.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: AviG-PC
Event Code: 12290
Message: Volume Shadow Copy Service warning: ASR writer Error 0x80070565. hr = 0x00000000.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {43c438c8-104d-4db1-884e-fcd9e77f106b}
Record Number: 54706
Source Name: VSS
Time Written: 20090609232132.000000-000
Event Type: Warning
User:

Computer Name: AviG-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000109).
Record Number: 54707
Source Name: System Restore
Time Written: 20090609232156.000000-000
Event Type: Error
User:

Computer Name: AviG-PC
Event Code: 8210
Message: The scheduled restore point could not be created. Additional information: (0x81000109).
Record Number: 54708
Source Name: System Restore
Time Written: 20090609232156.000000-000
Event Type: Error
User:

Computer Name: AviG-PC
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 54711
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090610165627.000000-000
Event Type: Error
User:

Computer Name: AviG-PC
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 54712
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090610165627.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: AviG-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 59459
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610194921.368800-000
Event Type: Audit Failure
User:

Computer Name: AviG-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 59460
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610194921.852400-000
Event Type: Audit Failure
User:

Computer Name: AviG-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: AVIG-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x230
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 59461
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610200951.088800-000
Event Type: Audit Success
User:

Computer Name: AviG-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: AVIG-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x230
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 59462
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610200951.088800-000
Event Type: Audit Success
User:

Computer Name: AviG-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 59463
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610200951.088800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------






OTHER SCANS I HAVE PERFORMED:

AVG
WINDOWS DEFENDER
avis101
Active Member
 
Posts: 4
Joined: June 4th, 2009, 12:50 pm

Re: my browser has been hijacked - log included

Unread postby Sharagoz » June 10th, 2009, 4:53 pm

P2P warning
You have LimeWire installed on your computer. This is a peer-to-peer program used to share files between computers.
There are several issues related to this:
  • P2P programs are notorious for being bundled with unwanted adware/spyware programs
  • Poorly configured P2P programs can share more files than you want them too, including personal files
  • Since its impossible to establish the source of which you are copying files from, you will always be at a certan risk every time you download a file. Malware written to spesifically spread through P2P networks are becoming an increasing problem and may be the source of your current infection. Even if you can trust the P2P program itself, you can never trust the sources you download from.

By MWR policy I am forced to ask that you uninstall this program if you wish me to further help you with your malware issues.
For more info, read MWR policy on P2P programs

If you want me to continue helping you, go to Add/Remove Programs and uninstall LimeWire 4.18.8 and any other file sharing applications you have installed.

If you chose to continue, do the below:

1) Download and run DDS by sUBs
  • Download DDS from one of the links below and save it to your desktop
    Link1 | Link2 | Link3
  • Right-click on the file and chose Run as administrator to run the tool
  • A black window will stay open while the tool runs
  • Wait for the scan to finish (this will only take a couple of minutes), and two logs to open in separate notepad documents
  • Include both these logs in your next reply

2) Download and run GMER
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Right-click on gmer.exe and chose Run as administrator to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
    (The scan typically takes around 30 minutes to complete)
  • Once the scan has finished, click copy
    (There is no message displayed when the scan is finished, it will simply stop going through files)
  • A log will now be copied to the clip board
  • Paste this log into your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: my browser has been hijacked - log included

Unread postby avis101 » June 10th, 2009, 7:58 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by AviG at 17:23:22.76 on Wed 06/10/2009
Internet Explorer: 7.0.6000.16830
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1179 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\AviG\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\AviG\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AviG\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.avisganis.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [<NO NAME>]
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\avig\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-22 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-30 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-22 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-22 298776]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2007-9-28 14416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-8 24652]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [2008-9-7 101248]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [2008-9-7 73856]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\at&t\communication manager\rcappsvc.exe" /n "attrcappsvc" --> c:\program files\at&t\communication manager\RcAppSvc.exe [?]
S3 CAATT;AT&T Con App Svc;"c:\program files\at&t\communication manager\conappssvc.exe" /n "caatt" --> c:\program files\at&t\communication manager\ConAppsSvc.exe [?]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-18 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-18 43904]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2007-12-28 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-12-28 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-12-28 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-12-28 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2007-12-28 98696]

=============== Created Last 30 ================

2009-06-04 12:38 <DIR> --d----- c:\program files\Trend Micro
2009-06-04 10:32 <DIR> --d----- c:\users\avig\appdata\roaming\Malwarebytes
2009-06-04 10:32 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 10:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 10:32 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-04 10:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 10:32 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-30 15:04 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-28 02:33 <DIR> --d----- c:\users\avig\appdata\roaming\TigerPlayer
2009-05-28 02:32 <DIR> --d----- c:\program files\MpcStar
2009-05-28 01:17 <DIR> --d----- C:\Downloads
2009-05-28 01:17 <DIR> --d----- c:\program files\BitComet
2009-05-28 00:23 60,416 a------- c:\users\avig\KrjPrOho.exe
2009-05-27 23:32 <DIR> --d----- c:\programdata\Azureus
2009-05-27 23:32 <DIR> --d----- c:\progra~2\Azureus
2009-05-27 23:32 <DIR> --d----- c:\users\avig\appdata\roaming\Azureus
2009-05-27 23:01 <DIR> --d----- c:\users\avig\appdata\roaming\uTorrent

==================== Find3M ====================

2009-05-30 15:04 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-30 15:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-04 17:31 20 ----h--- c:\programdata\PKP_DLdw.DAT
2009-05-04 17:31 20 ----h--- c:\progra~2\PKP_DLdw.DAT
2009-04-27 10:32 20 ----h--- c:\programdata\PKP_DLdu.DAT
2009-04-27 10:32 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2009-04-07 19:23 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-07 19:23 86,016 a------- c:\windows\inf\infstor.dat
2009-04-07 19:23 86,016 a------- c:\windows\inf\infpub.dat
2009-03-16 23:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:16 25,600 a------- c:\windows\system32\amxread.dll
2008-12-13 04:28 174 a--sh--- c:\program files\desktop.ini
2008-09-12 21:15 0 a------- c:\users\avig\appdata\roaming\wklnhst.dat
2008-06-15 15:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-08 01:22 32 a------- c:\programdata\ezsid.dat
2008-02-08 01:22 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-17 18:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-03-17 18:35 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-03-17 18:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 17:25:47.34 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2007 8:15:14 AM
System Uptime: 6/10/2009 6:10:55 AM (11 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 8.859 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 5.527 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
AbiWord 2.6.8
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 7.0 Professional
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe CSI CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Update Manager CS4
Adobe Version Cue CS2
AIO_CDA_ProductContext
AIO_Scan
ASL_HS_Installer32
AT&T Communication Manager
AudibleManager
AVG Free 8.5
BufferChm
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Conexant HD Audio
Connect
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disc2Phone
DocProc
DocProcQFolder
Driver Installer
EPSON Printer Software
eSupportQFolder
Fax
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Participation Program 9.0
HP Driver Diagnostics
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP QuickPlay 3.0
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
kuler
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
My Flash Recovery
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
Nokia Connectivity Adapter Cable DKU-5
Norton Security Scan
Norton Security Scan (Symantec Corporation)
PanoStandAlone
Picture Control Utility
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SolutionCenter
Sonic Activation Module
Status
Suite Shared Configuration CS4
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
ViewNX
Viewpoint Media Player
WebReg

==== Event Viewer Messages From Past Week ========

6/8/2009 9:22:36 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ELIZABETHFLO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{75AD95B6-A4AB-4787-BA0F-DB. The master browser is stopping or an election is being forced.
6/8/2009 2:54:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 32.179.245.225 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 166.214.241.253 (The DHCP Server sent a DHCPNACK message).
6/6/2009 6:58:04 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{75AD95B6-A4AB-4787-BA0F-DBF692B786D4} because another computer on the network has the same name. The server could not start.
6/6/2009 6:58:04 AM, Error: netbt [4321] - The name "AVIG-PC :20" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 169.254.103.235 did not allow the name to be claimed by this computer.
6/6/2009 6:58:04 AM, Error: netbt [4321] - The name "AVIG-PC :0" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 169.254.103.235 did not allow the name to be claimed by this computer.
6/4/2009 5:46:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0019D29EC2C9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/4/2009 3:16:13 PM, Error: EventLog [6008] - The previous system shutdown at 3:13:34 PM on 6/4/2009 was unexpected.
6/3/2009 3:29:27 AM, Error: EventLog [6008] - The previous system shutdown at 2:59:56 AM on 6/3/2009 was unexpected.
6/3/2009 2:45:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 166.214.115.137 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 32.179.36.253 (The DHCP Server sent a DHCPNACK message).
6/3/2009 2:30:03 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/3/2009 2:22:29 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D29EC2C9. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/3/2009 2:21:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 166.214.110.176 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 166.214.115.253 (The DHCP Server sent a DHCPNACK message).
6/3/2009 12:09:23 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
6/3/2009 1:48:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0019D29EC2C9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/10/2009 6:57:20 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 32.179.14.80 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 166.214.122.253 (The DHCP Server sent a DHCPNACK message).
6/10/2009 6:46:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/10/2009 5:17:44 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 32.179.216.84 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 166.214.26.253 (The DHCP Server sent a DHCPNACK message).
6/10/2009 4:48:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 166.214.228.234 for the Network Card with network address 00A0D5FFFF85 has been denied by the DHCP server 32.179.216.253 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================






GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-10 19:57:33
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code 86BFDCE0 ZwEnumerateKey
Code 86C7A288 ZwFlushInstructionCache
Code 86BDFED5 IofCallDriver
Code 86BF3DCE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82427F37 5 Bytes JMP 86BDFEDA
.text ntkrnlpa.exe!IofCompleteRequest 82427FA4 5 Bytes JMP 86BF3DD3
PAGE ntkrnlpa.exe!ZwEnumerateKey 82537F06 5 Bytes JMP 86BFDCE4
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 825E849F 5 Bytes JMP 86C7A28C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!free 7634A05E 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!malloc 7634A11A 5 Bytes JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!??3@YAXPAX@Z 7634A187 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!??2@YAPAXI@Z 7634A197 5 Bytes JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!realloc 7634ABEF 5 Bytes JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!calloc 7634D7DA 5 Bytes JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_msize 7634E409 5 Bytes JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_aligned_free 7636875D 5 Bytes JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_aligned_malloc 76369A4C 5 Bytes JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_aligned_offset_malloc 76369A68 5 Bytes JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 7639B9BD 5 Bytes JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_aligned_offset_realloc 7639B9CD 5 Bytes JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_aligned_realloc 7639BB42 5 Bytes JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_expand 7639BB61 5 Bytes JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapadd 7639D6E8 5 Bytes JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapchk 7639D6FC 5 Bytes JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapset + 1 7639D7FE 4 Bytes JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapmin 7639D807 5 Bytes JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapused 7639D8ED 5 Bytes JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1812] msvcrt.dll!_heapwalk 7639D900 5 Bytes JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamW 770F14EA 5 Bytes JMP 6D5E1777 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExA 7710570D 5 Bytes JMP 6D5E16BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamA 771065BF 5 Bytes JMP 6D5E173C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectW 7710F1B3 5 Bytes JMP 6D4716B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamW 7711129F 5 Bytes JMP 6D44F341 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamA 771329C9 5 Bytes JMP 6D5E17B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectA 7713FACF 5 Bytes JMP 6D5E16F8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExW 7713FBC9 5 Bytes JMP 6D5E1684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] SHELL32.dll!DAD_ShowDragImage + CC 765BE958 4 Bytes [01, 0C, 8C, 6E] {ADD [ESP+ECX*4], ECX; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] SHELL32.dll!DAD_ShowDragImage + D4 765BE960 8 Bytes [0F, 0B, 8C, 6E, 8F, 32, 8B, ...]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7499FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7496BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7495A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7495CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74958AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7496D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74957D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74957CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74956A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749EC1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749780FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749590CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7496223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74962267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [7496771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7496753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3652] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74998585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E8AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E8AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E8AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E8AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E8AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E8ADDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E8AF43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E8B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E8AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E8B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E8AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E8AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E8AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E8BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E8BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E8BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E8BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E8BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E8BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E8BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E8B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E8AFF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E8AFB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E8B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E8AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E8A896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E8AEB9B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E8A8BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E8AE36B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E8AE945] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E8AC176] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E8A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E8AF43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E8A8CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E8AE499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E8ADDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E8AEA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E8ADD7D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E8ABB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E8AE0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E8AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E8AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E8AA7B9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E8AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E8A8CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E8B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E8AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E8AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E8A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E8A8BC4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E8ABB72] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E8AFF2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E8AFB56] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E8B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E8AEF48] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E8A896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E8ACF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E8ACDCE] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E8BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E8BC4D1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E8BCD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E8BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E8BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E8BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E8BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E8BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E8BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E8BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E8BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E8BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6E8BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6E8BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6E8BE015] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6E8BE325] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6E8BDD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6E8BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E8AA400] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6E8AFBC9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E8AE0F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E8AA682] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E8AAE32] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E8AB0B4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E8ABFC3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E8AB641] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E8A969E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6E8AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E8ADDF0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6E8B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6E8B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E8A9300] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6E8A896E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6E8AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E8AA178] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E8AA910] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6E8AEA70] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6E8AE499] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E8A8CF2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6E8A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E8ADE15] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6E8A943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6E8A8F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6E8A91CF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E8AF43D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E8AC52B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E8ACF05] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E8ACA20] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E8BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E8BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6E8BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6E8BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E8BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E8BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E8BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6E8BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6E8BD173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6E8BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6E8BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6E8BC91D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6E8BC391] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6E8BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E8BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6E8BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E8B9194] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6E8B0D38] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6E8B0291] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6E8AD4D7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6E8AF1D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6E8AC2A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6E8A943F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6E8A8F5F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6E8ABCBB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E8AD1C1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6E8A8A99] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E8AD03C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6E8BD173] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6E8BD2C3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6E8BE19D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6E8BE4AD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6E8BDD3F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6E8BCD90] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E8BDB43] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E8BD947] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6E8BD46B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6E8BDEA9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6E8BCD3D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6E8BD7A7] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E8BCBD1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E8BCED9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E8BC659] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6E8BD607] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6E8BCA59] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E8B5CE6] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E8B5C88] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E8B4D7E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E8B5098] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E8B5188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E8B408B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E8B5340] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E8B6188] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E8B539B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E8B61E3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5104] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E8B3FE4] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kungsftrieaoqa.sys (*** hidden *** ) [SYSTEM] kungsfkddtejlr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f28110
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr@imagepath \systemroot\system32\drivers\kungsftrieaoqa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main@aid 10033
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules@kungsfrk.sys \systemroot\system32\drivers\kungsftrieaoqa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules@kungsfcmd.dll \systemroot\system32\kungsfytqpputh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules@kungsflog.dat \systemroot\system32\kungsfqbgidnyh.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules@kungsf.dat \systemroot\system32\kungsfwwbixict.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfkddtejlr\modules@kungsfwsp.dll \systemroot\system32\kungsfqqeyabxk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641f28110
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr@imagepath \systemroot\system32\drivers\kungsftrieaoqa.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main@aid 10033
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules@kungsfrk.sys \systemroot\system32\drivers\kungsftrieaoqa.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules@kungsfcmd.dll \systemroot\system32\kungsfytqpputh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules@kungsflog.dat \systemroot\system32\kungsfqbgidnyh.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules@kungsf.dat \systemroot\system32\kungsfwwbixict.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfkddtejlr\modules@kungsfwsp.dll \systemroot\system32\kungsfqqeyabxk.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\drivers\kungsftrieaoqa.sys 20480 bytes <-- ROOTKIT !!!
File C:\WINDOWS\System32\kungsfqbgidnyh.dat 4162 bytes

---- EOF - GMER 1.0.15 ----
avis101
Active Member
 
Posts: 4
Joined: June 4th, 2009, 12:50 pm

Re: my browser has been hijacked - log included

Unread postby Sharagoz » June 11th, 2009, 2:39 pm

1) Temporarily disable UAC
You need to temporarily disable Vistas User Account Control, as it may interfere with some of the tools we use
  • Click the Start button and then Control Panel
  • In the control panels lefthand pane, make sure Control Panel Home is selected
  • In the righthand pane, click User Accounts and Family Safety
  • Click User Accounts
  • Click Turn User Account Control on or off
  • If Use UAC to protect your computer doesn't have a checkmark, skip to the next step
  • If it does, remove the checkmark, press OK and then restart your computer
Note:
We'll re-enable UAC again after we're done cleaning your computer.

2) Disable Windows Defender
  • Open Windows Defender
  • Select Tools and then General Settings
  • Scroll down, and under Real Time Protection Options uncheck Turn on real-time protection
  • Select Save
Note:
We'll re-enable Windows Defender after we're done cleaning your computer.

You need to temporarily disable AVGs Resident Shield before the next step
  • Open the AVG interface
  • Click Components and then Resident Shield
  • Uncheck Resident Shield Active and click Save Changes

3) Download and Run ComboFix
  • Visit this webpage for download links and and instructions on how to properly run ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Make sure you install the recovery consol as instructed beforehand
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

Enable AVGs Resident Shield again after this step

4) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

Logs I need:
ComboFix log
RSIT log
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: my browser has been hijacked - log included

Unread postby avis101 » June 11th, 2009, 8:22 pm

I tried to disable AVG resident shield- combofix still detected it. then I uninistalled the program. combfix still detected it. I do not know why the message about me running AVG kept popping up. It is currently uninstalled.

Here are the requested logs:

ComboFix 09-06-11.06 - AviG 06/11/2009 20:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1216 [GMT -4:00]
Running from: c:\users\AviG\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\kungsftrieaoqa.sys
c:\windows\system32\kungsfqbgidnyh.dat
c:\windows\system32\kungsfqqeyabxk.dll
c:\windows\system32\kungsfwwbixict.dat
c:\windows\system32\kungsfytqpputh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfkddtejlr


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 00:09 . 2009-06-12 00:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-12 00:09 . 2009-06-12 00:09 -------- d-----w- c:\users\Autumn\AppData\Local\temp
2009-06-11 19:51 . 2007-02-27 01:54 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-06-10 22:35 . 2009-05-13 12:23 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\hub.scr
2009-06-10 22:35 . 2009-05-13 12:23 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\NAVENG.SYS
2009-06-10 22:35 . 2009-05-13 12:23 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\NAVEX15.SYS
2009-06-10 22:35 . 2009-05-13 12:23 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\NAVENG32.DLL
2009-06-10 22:35 . 2009-05-13 12:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\NAVEX32A.DLL
2009-06-10 22:35 . 2009-05-13 12:23 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\EECTRL.SYS
2009-06-10 22:35 . 2009-05-13 12:23 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\ECMSVR32.DLL
2009-06-10 22:35 . 2009-05-13 12:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\CCERASER.DLL
2009-06-10 22:35 . 2009-05-13 12:23 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090610.002\ERASER.SYS
2009-06-10 20:12 . 2009-06-10 20:13 -------- d-----w- C:\rsit
2009-06-08 15:11 . 2009-06-08 15:11 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-04 16:38 . 2009-06-04 16:38 -------- d-----w- c:\program files\Trend Micro
2009-06-04 14:32 . 2009-06-04 14:32 -------- d-----w- c:\users\AviG\AppData\Roaming\Malwarebytes
2009-06-04 14:32 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 14:32 . 2009-06-04 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 14:32 . 2009-06-04 14:32 -------- d-----w- c:\programdata\Malwarebytes
2009-06-04 14:32 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 06:33 . 2009-05-28 06:39 -------- d-----w- c:\users\AviG\AppData\Roaming\TigerPlayer
2009-05-28 06:32 . 2009-05-30 18:31 -------- d-----w- c:\program files\MpcStar
2009-05-28 05:17 . 2009-05-28 06:26 -------- d-----w- C:\Downloads
2009-05-28 05:17 . 2009-05-30 16:46 -------- d-----w- c:\program files\BitComet
2009-05-28 04:23 . 2009-05-28 04:23 60416 ----a-w- c:\users\AviG\KrjPrOho.exe
2009-05-28 04:02 . 2009-05-28 04:02 2083880 ----a-w- c:\users\AviG\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-05-28 03:32 . 2009-05-28 03:32 -------- d-----w- c:\programdata\Azureus
2009-05-28 03:32 . 2009-05-28 04:31 -------- d-----w- c:\users\AviG\AppData\Roaming\Azureus
2009-05-28 03:01 . 2009-05-28 03:01 -------- d-----w- c:\users\AviG\AppData\Roaming\uTorrent
2009-05-16 23:50 . 2009-05-16 23:50 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 23:51 . 2006-12-18 05:06 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-11 07:08 . 2006-12-18 05:47 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 07:06 . 2006-12-18 05:45 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 22:35 . 2006-12-18 05:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-10 22:30 . 2006-12-18 05:35 -------- d-----w- c:\programdata\Symantec
2009-06-10 22:01 . 2009-05-02 19:55 -------- d-----w- c:\program files\Norton Security Scan
2009-06-10 21:18 . 2009-03-18 00:27 -------- d-----w- c:\program files\LimeWire
2009-06-09 02:01 . 2007-11-07 03:00 -------- d-----w- c:\users\AviG\AppData\Roaming\ZoomBrowser EX
2009-06-06 12:07 . 2007-07-22 18:58 -------- d-----w- c:\users\AviG\AppData\Roaming\LimeWire
2009-06-04 18:26 . 2008-02-08 05:20 -------- d-----w- c:\program files\Google
2009-06-04 06:01 . 2009-03-04 23:09 -------- d-----w- c:\program files\Unity
2009-05-31 21:13 . 2007-07-17 11:54 188576 ----a-w- c:\users\AviG\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-31 00:26 . 2008-06-20 22:40 -------- d-----w- c:\users\AviG\AppData\Roaming\Nikon
2009-05-31 00:26 . 2009-05-04 05:27 -------- d-----w- c:\users\AviG\AppData\Roaming\FileZilla
2009-05-31 00:25 . 2009-05-04 05:27 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-31 00:00 . 2009-01-03 16:13 -------- d-----w- c:\users\Guest\AppData\Roaming\LimeWire
2009-05-30 22:49 . 2008-02-08 05:22 -------- d-----w- c:\users\AviG\AppData\Roaming\skypePM
2009-05-30 22:49 . 2008-04-18 16:14 -------- d-----w- c:\users\AviG\AppData\Roaming\PandoraRecovery
2009-05-30 22:44 . 2008-10-15 22:57 -------- d-----w- c:\users\Autumn\AppData\Roaming\IMVUClient
2009-05-30 22:43 . 2008-10-15 22:57 -------- d-----w- c:\users\Autumn\AppData\Roaming\IMVU
2009-05-30 22:40 . 2007-08-27 11:30 -------- d-----w- c:\program files\QuickTime
2009-05-30 22:40 . 2008-06-24 04:34 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-05-30 22:40 . 2008-04-18 16:14 -------- d-----w- c:\program files\Pandora Recovery
2009-05-30 22:40 . 2008-04-17 18:24 -------- d-----w- c:\program files\My Flash Recovery
2009-05-30 21:53 . 2006-12-18 05:50 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-05-30 21:52 . 2009-04-13 20:33 -------- d-----w- c:\program files\AbiSuite2
2009-05-30 18:10 . 2008-06-24 04:50 -------- d-----w- c:\users\AviG\AppData\Roaming\PC Tools
2009-05-30 18:10 . 2006-12-18 05:53 -------- d-----w- c:\program files\HP Games
2009-05-30 18:09 . 2009-04-20 19:34 -------- d-----w- c:\program files\Carbonite
2009-05-24 01:35 . 2007-11-02 22:02 -------- d-----w- c:\programdata\ZoomBrowser
2009-05-15 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-07 05:54 . 2007-10-19 22:21 -------- d-----w- c:\programdata\HP Product Assistant
2009-05-04 21:31 . 2008-06-20 22:22 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-04-30 03:08 . 2009-04-29 03:26 -------- d-----w- c:\users\AviG\AppData\Roaming\Download Manager
2009-04-30 03:01 . 2006-12-18 05:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-30 02:56 . 2009-04-30 02:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-04-27 14:32 . 2008-06-20 22:18 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-04-24 16:22 . 2009-06-11 00:36 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:14 . 2009-06-11 00:36 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-04-24 16:14 . 2009-06-11 00:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 16:11 . 2009-06-11 00:36 72704 ----a-w- c:\windows\system32\admparse.dll
2009-04-24 13:53 . 2009-06-11 00:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 12:25 . 2009-06-11 00:36 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-04-23 13:01 . 2009-06-11 00:36 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-11 00:36 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-11 00:36 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-04-20 20:59 . 2006-12-18 05:57 -------- d-----w- c:\programdata\WildTangent
2009-03-17 03:16 . 2009-04-17 09:04 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-17 09:04 25600 ----a-w- c:\windows\system32\amxread.dll
2009-03-15 11:46 . 2008-03-09 15:51 185376 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-27 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-27 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-27 126976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2007-04-06 22528]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-9-20 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-12 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{986DBCC3-258C-478A-B7BC-99F1DB270CF8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F629E84D-94B6-4C41-872B-5620E934DE41}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{708E4799-8618-4D37-BB83-7435029E4E1B}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{54A94869-6808-4372-B4AB-250AB0111E97}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{6C384080-1347-4BDB-BB76-09B21B18A5F0}"= Profile=Public|c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{B140A5A1-8FFE-44B1-804E-C4DB0150BB5E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{8418196E-2324-4FC8-9146-ABEC4B16444F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{02FF0AB7-62F2-451D-9EC5-1BE315AAC2E1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{009D3011-BCB6-4E33-95E9-869B1644CA82}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{736206B0-1487-4C58-A8FD-32920215B143}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F642124B-A90C-4B65-AF77-00781B157708}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3D639D05-B5D7-4AE0-A309-D433E18E4AB4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E2C8DFB9-E928-48FC-8B58-BB79695058AE}"= UDP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{C1F4B26C-9408-4901-94C9-5F036F331968}"= TCP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{0AC05C65-F73A-4367-B847-9B63F746887E}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2849CAC7-A922-4E05-93C2-9DB5E62EE61C}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{B1C5682D-C9F1-4526-A785-46DDCDDBABC8}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7361D0EC-ADB8-4462-9E27-838C77B1D2BC}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{AFA2C2A2-C74B-4D99-B493-33658509EE78}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{0B184018-C9E2-4EF7-A2BE-3E6C3DDE9BAC}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{B51791F4-8135-4928-862A-590B0E39172D}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{C04EA0B9-9CCB-478A-BDA4-B98DE26C1EAF}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{1268BF49-1C46-4675-BE9B-479653555F5B}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{91B3F60A-2033-4B10-AF5A-F032EBAC4375}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E3C49392-DAA6-4901-AB1E-5D7A9C0D10D6}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{0EDB5D39-A412-449E-AE27-C9BC942A00E6}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{77B7F4B1-ED7D-4B47-9375-65CE82D166E0}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{80ABD307-F2B7-4CC8-A424-D8B3253D5491}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E77369C8-E24B-4D81-A124-145451721C1C}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{AF79C4C0-25CB-4F53-BBE9-6F7D4575B79A}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{2A4FC10E-31A0-401D-ACAA-EB384BEABA89}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{BAA31F8C-C4DF-42FC-9D7D-DDD704A46252}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{01A6313B-E6DB-4131-B8D6-898EB68F29D5}"= Disabled:UDP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{41D7EB8D-C8C3-4DFA-BD45-C3990B0A15EE}"= Disabled:TCP:c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{1F3DDAFD-2737-41E0-98FF-2BEDDECBE0CC}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{28B1DABD-4192-4CD5-A444-4CA4C9DA327C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E0681734-7774-4653-A90E-A2A1B4561B17}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A293A72-BB57-4FB5-AE1D-CD04B35C4207}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{51D9DE81-5E18-4CE0-94C6-8F5FEB56E880}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99389E85-3507-4F88-81C1-7D340A6D2A0C}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B9753D23-6C50-44B6-891B-B2E9DFA93B9A}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1894FC88-0B08-4E12-82F9-58CA0D0F74BF}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{8B0AD7F0-5770-4C70-8BD0-0BDA60CEFFF6}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{89A8CF00-EEA9-472B-8248-AC0E137FB2B3}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9A55BCE9-CE32-46CE-B5AB-E1EB23FEB0E6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{89A5DDC3-D23C-4B73-BCC7-27675E61DC27}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4E344E91-2202-4F97-99A2-E7E8D8E8E34B}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0DB96447-EF23-4F7F-8418-BC75FD6C7869}"= Disabled:c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{D6FBBB6A-F9D7-423F-ACDB-7B402A3175D4}"= Disabled:UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2FAC9CA2-5D93-4E24-A619-61A342200713}"= Disabled:TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0AFF5177-8D32-4D0A-A0A8-A62A45CA4045}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A460CABF-A694-41B4-8EE0-32AFA60F06A5}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7128FF7C-70FF-4246-853B-B2430F6B59B9}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7333689F-DEA5-48C1-86CD-50D746523091}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1B4F98B1-A640-42DA-BF36-01977CA753F7}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1A1E2DD0-F0DA-48FC-8B3A-0DC14273F0E0}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C90631B0-5C5C-4E51-8BC6-B370A1FCCB16}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F46AF47-63ED-4ACC-A648-C89B3D339186}"= UDP:5353:Adobe CSI CS4
"{81809E62-7F1F-4AC9-84EE-5B072684AAB1}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3832DFD7-FBDF-4F62-A228-420F267A23FC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{2D8BDAA1-624A-4DCC-922A-FDF6D2A8F008}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"UDP Query User{940202C6-E8F9-4C7A-AF0F-7376E671D9A1}c:\\program files\\adobe\\adobe dreamweaver cs4\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe:Adobe Dreamweaver CS4
"{A110D345-459C-4E67-A6FD-BBDB50285A08}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet.exe
"{251FAC5F-58EC-4E67-9357-9DDA355F2CA9}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [9/28/2007 6:49 PM 14416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/8/2007 4:51 AM 24652]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\System32\drivers\swnc8u12.sys [9/7/2008 1:12 PM 101248]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\System32\drivers\swumx12.sys [9/7/2008 1:12 PM 73856]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" --> c:\program files\AT&T\Communication Manager\RcAppSvc.exe [?]
S3 CAATT;AT&T Con App Svc;"c:\program files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" --> c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [?]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [12/18/2006 10:31 PM 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [12/18/2006 10:31 PM 43904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\Norton Security Scan for AviG.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 23:04]

2009-06-11 c:\windows\Tasks\User_Feed_Synchronization-{11B2D312-AAC6-4FB8-AC76-E39633170B3F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.avisganis.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\AviG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 20:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-12 20:11
ComboFix-quarantined-files.txt 2009-06-12 00:11

Pre-Run: 9,991,172,096 bytes free
Post-Run: 11,472,523,264 bytes free

317 --- E O F --- 2009-06-11 07:08





Logfile of random's system information tool 1.06 (written by random/random)
Run by AviG at 2009-06-11 20:19:35
Microsoft® Windows Vista™ Home Premium
System drive C: has 11 GB (8%) free of 146 GB
Total RAM: 2037 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:52 PM, on 6/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Users\AviG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AviG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avisganis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\AviG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9903 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for AviG.job
C:\Windows\tasks\User_Feed_Synchronization-{11B2D312-AAC6-4FB8-AC76-E39633170B3F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-24 167936]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-28 46704]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-11 136600]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-26 131072]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-26 151552]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-26 126976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2007-04-06 22528]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-26 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-06-11 20:11:45 ----SHD---- C:\$RECYCLE.BIN
2009-06-11 20:11:42 ----A---- C:\ComboFix.txt
2009-06-11 19:44:09 ----A---- C:\Windows\zip.exe
2009-06-11 19:44:09 ----A---- C:\Windows\SWXCACLS.exe
2009-06-11 19:44:09 ----A---- C:\Windows\SWSC.exe
2009-06-11 19:44:09 ----A---- C:\Windows\SWREG.exe
2009-06-11 19:44:09 ----A---- C:\Windows\sed.exe
2009-06-11 19:44:09 ----A---- C:\Windows\PEV.exe
2009-06-11 19:44:09 ----A---- C:\Windows\NIRCMD.exe
2009-06-11 19:44:09 ----A---- C:\Windows\grep.exe
2009-06-11 19:44:01 ----SD---- C:\ComboFix
2009-06-11 19:31:05 ----D---- C:\Windows\ERDNT
2009-06-11 19:30:16 ----A---- C:\Windows\smartkeydiagnostics.txt
2009-06-11 19:30:12 ----D---- C:\Qoobox
2009-06-11 15:51:10 ----A---- C:\Windows\system32\igfxres.dll
2009-06-10 20:36:49 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 20:36:44 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 20:36:37 ----A---- C:\Windows\system32\mstime.dll
2009-06-10 20:36:37 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 20:36:36 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 20:36:34 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 20:36:34 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 20:36:34 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\occache.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\icardie.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-10 20:36:33 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-10 20:36:32 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 20:36:32 ----A---- C:\Windows\system32\ieencode.dll
2009-06-10 20:36:32 ----A---- C:\Windows\system32\advpack.dll
2009-06-10 20:36:32 ----A---- C:\Windows\system32\admparse.dll
2009-06-10 20:36:31 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 20:36:31 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 20:36:31 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 20:36:31 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-10 20:36:30 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-10 20:36:30 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-10 20:36:30 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-10 20:36:30 ----A---- C:\Windows\system32\ieakui.dll
2009-06-10 20:36:29 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-10 16:12:36 ----D---- C:\rsit
2009-06-04 12:38:52 ----D---- C:\Program Files\Trend Micro
2009-06-04 10:32:40 ----D---- C:\Users\AviG\AppData\Roaming\Malwarebytes
2009-06-04 10:32:34 ----D---- C:\ProgramData\Malwarebytes
2009-06-04 10:32:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 02:33:01 ----D---- C:\Users\AviG\AppData\Roaming\TigerPlayer
2009-05-28 02:32:19 ----D---- C:\Program Files\MpcStar
2009-05-28 01:17:45 ----D---- C:\Downloads
2009-05-28 01:17:35 ----D---- C:\Program Files\BitComet
2009-05-27 23:32:37 ----D---- C:\Program Files\Mozilla Firefox
2009-05-27 23:32:36 ----D---- C:\ProgramData\Azureus
2009-05-27 23:32:33 ----D---- C:\Users\AviG\AppData\Roaming\Azureus
2009-05-27 23:01:12 ----D---- C:\Users\AviG\AppData\Roaming\uTorrent

======List of files/folders modified in the last 1 months======

2009-06-11 20:18:16 ----D---- C:\Windows\Temp
2009-06-11 20:11:47 ----D---- C:\Windows\system32\en-US
2009-06-11 20:11:46 ----D---- C:\Windows\System32
2009-06-11 20:09:35 ----D---- C:\WINDOWS
2009-06-11 20:09:35 ----A---- C:\Windows\system.ini
2009-06-11 20:04:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-11 20:04:42 ----D---- C:\Windows\system32\drivers
2009-06-11 20:04:42 ----D---- C:\Windows\AppPatch
2009-06-11 20:04:42 ----D---- C:\Program Files\Common Files
2009-06-11 19:55:38 ----SHD---- C:\System Volume Information
2009-06-11 19:32:46 ----SD---- C:\Users\AviG\AppData\Roaming\Microsoft
2009-06-11 19:32:45 ----HD---- C:\ProgramData
2009-06-11 19:30:06 ----D---- C:\Windows\Prefetch
2009-06-11 03:20:53 ----D---- C:\Windows\winsxs
2009-06-11 03:20:21 ----D---- C:\Windows\system32\catroot
2009-06-11 03:14:12 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:14:11 ----D---- C:\Windows\system32\migration
2009-06-11 03:08:12 ----SHD---- C:\Windows\Installer
2009-06-11 03:08:05 ----D---- C:\ProgramData\Microsoft Help
2009-06-11 03:06:43 ----D---- C:\Program Files\Microsoft Works
2009-06-11 03:06:42 ----D---- C:\Windows\inf
2009-06-11 03:02:14 ----D---- C:\Windows\system32\catroot2
2009-06-10 18:35:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-10 18:30:15 ----D---- C:\ProgramData\Symantec
2009-06-10 18:01:08 ----D---- C:\Program Files\Norton Security Scan
2009-06-10 17:18:46 ----D---- C:\Program Files\LimeWire
2009-06-08 22:01:27 ----D---- C:\Users\AviG\AppData\Roaming\ZoomBrowser EX
2009-06-06 08:07:52 ----D---- C:\Users\AviG\AppData\Roaming\LimeWire
2009-06-04 14:26:23 ----D---- C:\Program Files\Google
2009-06-04 12:38:52 ----RD---- C:\Program Files
2009-06-04 02:01:48 ----D---- C:\Program Files\Unity
2009-06-04 02:01:17 ----D---- C:\Windows\Tasks
2009-06-01 12:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-30 20:26:26 ----D---- C:\Users\AviG\AppData\Roaming\Nikon
2009-05-30 20:26:24 ----D---- C:\Users\AviG\AppData\Roaming\FileZilla
2009-05-30 20:25:46 ----D---- C:\Users\AviG\AppData\Roaming\Adobe
2009-05-30 20:25:22 ----D---- C:\Program Files\FileZilla FTP Client
2009-05-30 20:00:32 ----D---- C:\preload
2009-05-30 20:00:32 ----D---- C:\$$folder_140
2009-05-30 18:49:27 ----D---- C:\Users\AviG\AppData\Roaming\skypePM
2009-05-30 18:49:26 ----D---- C:\Users\AviG\AppData\Roaming\PandoraRecovery
2009-05-30 18:43:38 ----HD---- C:\System.sav
2009-05-30 18:41:21 ----D---- C:\Program Files\Windows Media Player
2009-05-30 18:40:22 ----D---- C:\Program Files\QuickTime
2009-05-30 18:40:20 ----D---- C:\Program Files\PC Tools AntiVirus
2009-05-30 18:40:20 ----D---- C:\Program Files\Pandora Recovery
2009-05-30 18:40:13 ----D---- C:\Program Files\My Flash Recovery
2009-05-30 17:53:00 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2009-05-30 17:52:39 ----D---- C:\Program Files\AbiSuite2
2009-05-30 17:52:26 ----D---- C:\8a590e8cf77dd18e5dcdfd
2009-05-30 14:10:34 ----D---- C:\Users\AviG\AppData\Roaming\PC Tools
2009-05-30 14:10:03 ----D---- C:\Program Files\HP Games
2009-05-30 14:09:46 ----D---- C:\Program Files\Carbonite
2009-05-28 00:04:19 ----SD---- C:\Windows\Downloaded Program Files
2009-05-23 21:35:03 ----D---- C:\ProgramData\ZoomBrowser
2009-05-23 21:32:54 ----D---- C:\Windows\system32\Tasks
2009-05-23 21:26:00 ----AD---- C:\ProgramData\TEMP
2009-05-23 08:29:18 ----D---- C:\Windows\system32\Adobe
2009-05-22 23:22:28 ----RSD---- C:\Windows\Fonts
2009-05-15 03:07:42 ----RSD---- C:\Windows\assembly
2009-05-15 03:02:12 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PDIHWCTL;PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [2007-01-25 14416]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-16 14208]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 1608192]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2008-03-06 32160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2006-10-20 26368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-17 82432]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-01-03 26504]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12); C:\Windows\system32\DRIVERS\swnc8u12.sys [2007-06-27 101248]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12); C:\Windows\system32\DRIVERS\swumx12.sys [2007-06-27 73856]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-16 11264]
R4 catchme;catchme; \??\C:\Users\AviG\AppData\Local\Temp\catchme.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 i1;eye-one; C:\Windows\system32\DRIVERS\i1.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 1608192]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-20 72704]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc []
S3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-29 655624]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------
avis101
Active Member
 
Posts: 4
Joined: June 4th, 2009, 12:50 pm

Re: my browser has been hijacked - log included

Unread postby Sharagoz » June 12th, 2009, 2:41 pm

1) Run ComboFix with CFScript
  • Right-click on your desktop, select New -> Text file
  • Name the file CFScript.txt
  • Open CFScript.txt and copy the contents of the code box below into it, save and close
    Code: Select all
    KillAll::
    
    File::
    c:\users\AviG\KrjPrOho.exe
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F642124B-A90C-4B65-AF77-00781B157708}"=-
    "{3D639D05-B5D7-4AE0-A309-D433E18E4AB4}"=-
    "TCP Query User{89A8CF00-EEA9-472B-8248-AC0E137FB2B3}c:\\program files\\limewire\\limewire.exe"=-
    "UDP Query User{9A55BCE9-CE32-46CE-B5AB-E1EB23FEB0E6}c:\\program files\\limewire\\limewire.exe"=-
    "{A110D345-459C-4E67-A6FD-BBDB50285A08}"=-
    "{251FAC5F-58EC-4E67-9357-9DDA355F2CA9}"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}]
    
    Folder::
    c:\program files\BitComet
    c:\programdata\Azureus
    c:\users\AviG\AppData\Roaming\Azureus
    c:\users\AviG\AppData\Roaming\uTorrent
    c:\program files\LimeWire
    c:\users\AviG\AppData\Roaming\LimeWire
    c:\users\Guest\AppData\Roaming\LimeWire
    
    DirLook::
    c:\programdata\WildTangent
    
  • Drag CFScript.txt on top of the ComboFix.exe icon and release
  • ComboFix will start if you did this correctly
  • When ComboFix has finished scanning, a log will open
  • Include this log in your next reply

2) Install anti-virus software
I dont know if you've reinstalled AVG after you uninstalled it, but if not, you need to install AV software right away.
In case you do not want to continue using AVG I'm giving you two good, free alternatives. Download and install one of them, but only install one:

3) Download and run CCleaner
  • Download CCleaner from here
  • Install and launch CCleaner
  • Click the Options button and select Advanced
  • Uncheck the option "Only delete files in Windows Temp folders older than 48 hours"
  • Click the Cleaner button
  • If you wish to avoid being logged out of all websites you're currently logged into, make sure Cookies are unchecked for the web browser(s) you use. Internet Explorer is located under the Windows tab, other browsers are located under the Applications tab
  • Click the Run Cleaner button at the bottom right of the window
  • Click Yes at the prompt and let the cleaner finish
Note:
If there are more than one user account on this computer, run CCleaner using this procedure on all other user accounts as well

4) Run MBAM
    You have Malwarebytes' Anti-Malware installed. Launch it, update it, run a quick scan and post back the log.
    If it finds anything, have it remove everything it finds.

5) Outdated Software
You have outdated versions of Java and Adobe Reader. I recommend you update those because they are so commonly used that if security holes are discovered they are sure to be exploited by malware creators.
  • Go to Add/Remove Programs and uninstall the following:
    Adobe Reader 8
    Java(TM) 6 Update 11
    Java(TM) SE Runtime Environment 6
  • Then download the latest versions from here:
    Java
    Adobe Reader

6) Get new RSIT log
  • Double click on RSIT.exe (on your desktop) to run RSIT
  • Click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

Logs I need:
ComboFix log
MBAM log
RSIT log

How is the computer running? Still problems?
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: my browser has been hijacked - log included

Unread postby NonSuch » June 20th, 2009, 3:45 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware