Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

iexplorer and firefox rogue pages on the newer of my laptops

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

iexplorer and firefox rogue pages on the newer of my laptops

Unread postby nbradshaw » January 1st, 2011, 7:56 pm

I am getting rogue re-directs and random pages opening when using google and bing on iexplorer and firefox. I have also noticed that the computer loads and runs much slower as well. Please help?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:50:08 PM, on 1/1/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://stopidaho.restorationmanager.net ... rview2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/html - {45f47f9a-91f9-41b7-a624-b394850a75ca} - C:\Windows\msvideo.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f37d89976600) (gupdate1c9f37d89976600) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12389 bytes
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm
Advertisement
Register to Remove

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 2nd, 2011, 6:05 am

Hello nbradshaw and Welcome to Malware Removal! :)
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use, Be assured, any links I give are safe.
  • The process is not instant, Please continue to respond to this thread until I give you the All Clean!. Absence of symptoms does not mean that everything is clear.

Note: As I am still in training, All of my posts must first be checked by an Expert/Teacher, So some delays may be inevitable, please be patient and I will reply again asap.


Uninstall List
  1. Open HijackThis.
  2. Click the Open the Misc Tools section button. (If you don't see that button click the Main Menu button first)
  3. Click the Open Uninstall Manager... button and then click the Save list... button.
  4. Save the uninstall_list.txt file to your HijackThis folder. (C:\Program Files\Trend Micro\HijackThis)
  5. Copy and Paste the contents of uninstall_list.txt in your next reply.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby nbradshaw » January 2nd, 2011, 12:02 pm

The following is the HijackThis uninstall_list.txt file. Thank you in advance for your help!

µTorrent
32 Bit HP CIO Components Installer
7-Zip 4.60 beta
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Reader 8.1.2
Advanced Audio FX Engine
Advanced Video FX Engine
AlacNET Estimator
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ArcSoft PhotoImpression 6
AVG 2011
AVG 2011
AVG 2011
AVG PC Tuneup 2011
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry USB Drivers
BlackBerry® Media Sync
Bonjour
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Business Tools Launcher
BVSInstall
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
EDocs
Edraw Max 4
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V200 Photo Scanner Driver Update
EPSON Perfection V200P User's Guide
EPSON Scan
EPSON Scan Assistant
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
IntegriClaim
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Laptop Integrated Webcam Driver (1.01.01.0529)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (XACTWARE)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband Drivers
Mozilla Firefox (3.6.13)
MPM
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
Personal Entertainment Launcher
Picasa 3
Product Support Launcher
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Residential Component Technology - Standalone
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimCity 4 Deluxe
SmartDraw PDF Export (novaPDF 6.4 printer)
SmartDraw VP
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
uTorrentBar Toolbar
VLC media player 0.9.6
VZAccess Manager
WebEx
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Xactimate 27
Xvid 1.1.3 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 2nd, 2011, 2:51 pm

Hi nbradshaw,
Is this computer used for personal use only or for business related activities as well?

I see you have Malwarebytes' Anti-Malware installed, Did you run a scan with it recently? If so please post the log if it removed anything.
It can be found here:
  • C:\Users\Username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


UAC Advice
  • All applications I ask to be used will require to be run in Administrator mode. i.e. Right-click on and select Run as administrator.
  • The Operating System (Windows Vista) in use comes with an inbuilt utility called User Account Control (UAC).
  • When prompted by this with anything I ask you to carry out please select the option Allow.


P2P Warning!
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
uTorrentBar Toolbar


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
Also take note that remnants of the above program(s) and any other P2P program found will be removed when cleaning.

While in Programs and Features also uninstall the following.
  • AVG PC Tuneup 2011
  • Conduit Engine
  • McAfee Security Scan Plus
  • Spybot - Search & Destroy
  • Yahoo! Toolbar


MGA Diagnostic Tool
Download MGA Diagnostic Tool to your Desktop.
  1. Right-click MGADiag.exe and select Run as administrator to launch the program.
  2. Click Continue and let the scan run.
  3. When finished it will have created a log.
  4. Click Copy.
  5. Next open Notepad.
    1. Click Start > Run type Notepad click OK.
    2. This will open an empty Notepad file.
    3. Right-click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    4. Save the file to your Desktop.
  6. Close MGA Diagnostic Tool.
  7. Copy/Paste the log in your next reply please.


Run CKScanner
  1. Please download CKScanner from Here - Important: Save it to your desktop.
  2. Right-click CKScanner.exe and select Run as administrator then click Search For Files.
  3. After a very short time, when the cursor hourglass disappears, Click Save List To File.
  4. A message box will verify the file saved.
  5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Download and Run RSIT
  1. Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  2. Right-click on RSIT.exe and select Run as administrator to run RSIT
  3. Click Continue at the disclaimer screen
  4. Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  5. Copy & paste the contents of both logs in your next reply


Please reply with:
  • Answer to question(s)
  • MGA Diagnostic Tool log
  • CKScanner log (CKFiles.txt)
  • RSIT logs (log.txt and info.txt)
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby nbradshaw » January 2nd, 2011, 10:23 pm

Gizzy - thank you for your help, I really appreciate it.

Both of the laptops (this one, and the one I will need help with next) are units that used to be daily users for the construction company that I own, and now have been replaced with newer units and came home with me to give us an update from the 2 desktops that we had at home. For full disclosure, there is an estimating system from the company on this computer that I have kept on it in case I ever want to work at home and didn't bring my work laptop with me (not sure why I would need this, but made me feel better not to erase).

The last 2 times I have ran Malware (2 times in the last week) it has not found or removed anything.

Uninstall: I uninstalled all of the programs you stated.

MGA Diagnostic Tool:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {891C519D-5843-4FF5-B6A9-53E3099B543E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Small Business 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_FCEE394C-458-8007041d_025D1FF3-344-8007041d_025D1FF3-229-8007041d_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{891C519D-5843-4FF5-B6A9-53E3099B543E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-562525813-2433130221-2916796976</SID><SYSTEM/><BIOS/><HWID>8A303507010000FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>11CC83490433F10</Val><Hash>UGpTF6zduYMbY6EX7qqJvyWn/7k=</Hash><Pid>81606-904-9070507-64081</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Error 0x8007041D occurred in connecting to the processor on server ..

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEAAwABAAIAAwABAAAAAwABAAEAeqhu1haWNNRQYkaDvoKiHjxJiMryRfL0bi6Mve4ZrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLNE
TMOR PTLTD
OSFR TOSHIB A+2nd ID
APIC INTEL CRESTLNE
SLIC DELL M08
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci

CK Scanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\nwb\misc\cracking_the_millionaire_code.zip
scanner sequence 3.AP.11
----- EOF -----

RSIT Log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by NWB at 2011-01-02 19:11:26
WIN_VISTA Service Pack 1
System drive C: has 127 GB (56%) free of 228 GB
Total RAM: 3062 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:10 PM, on 1/2/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Users\NWB\Downloads\RSIT.exe
C:\Program Files\trend micro\NWB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-562525813-2433130221-2916796976-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-562525813-2433130221-2916796976-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://stopidaho.restorationmanager.net ... rview2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/html - {45f47f9a-91f9-41b7-a624-b394850a75ca} - C:\Windows\msvideo.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f37d89976600) (gupdate1c9f37d89976600) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10794 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-562525813-2433130221-2916796976-1000.job
C:\Windows\tasks\SDMsgUpdate (SD).job
C:\Windows\tasks\User_Feed_Synchronization-{0FBAB9CB-3962-4D46-BC09-09B8061CB59C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-12-02 382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-11-22 2732896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-02-21 159744]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-21 4907008]
"OEM13Mon.exe"=C:\Windows\OEM13Mon.exe [2008-07-16 36864]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-07-03 3563520]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-10 648536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\real\realplayer\update\realsched.exe [2010-12-02 274608]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2010-06-01 5252408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-02 19:11:26 ----D---- C:\rsit
2011-01-02 18:55:21 ----D---- C:\MGADiagToolOutput
2011-01-02 18:19:23 ----D---- C:\ProgramData\Office Genuine Advantage
2011-01-01 12:02:57 ----D---- C:\Program Files\Trend Micro
2010-12-28 07:46:26 ----HD---- C:\$AVG
2010-12-21 07:21:29 ----SHD---- C:\Windows\%APPDATA%
2010-12-15 08:00:16 ----ASH---- C:\hiberfil.sys
2010-12-15 07:35:16 ----A---- C:\Windows\ntbtlog.txt
2010-12-14 07:56:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-14 07:56:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-13 17:38:59 ----D---- C:\Users\NWB\AppData\Roaming\AVG10
2010-12-13 17:37:03 ----HD---- C:\ProgramData\Common Files
2010-12-13 17:35:51 ----D---- C:\Windows\system32\drivers\AVG
2010-12-13 17:35:51 ----D---- C:\ProgramData\AVG10
2010-12-13 17:35:26 ----D---- C:\Program Files\AVG
2010-12-12 21:33:28 ----D---- C:\Users\NWB\AppData\Roaming\Malwarebytes
2010-12-12 21:33:19 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-12-12 21:33:18 ----D---- C:\ProgramData\Malwarebytes
2010-12-12 21:33:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-12 21:33:15 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-12-11 21:31:37 ----D---- C:\ProgramData\MFAData
2010-12-08 04:12:38 ----A---- C:\Windows\system32\drivers\avgldx86.sys

======List of files/folders modified in the last 1 months======

2011-01-02 19:19:04 ----D---- C:\Windows\Temp
2011-01-02 18:58:57 ----D---- C:\Windows\Tasks
2011-01-02 18:19:23 ----HD---- C:\ProgramData
2011-01-02 18:07:19 ----D---- C:\Program Files\Yahoo!
2011-01-02 18:05:20 ----D---- C:\Program Files
2011-01-02 18:04:25 ----AD---- C:\ProgramData\TEMP
2011-01-02 18:03:46 ----D---- C:\Windows\system32\Tasks
2011-01-02 18:02:31 ----D---- C:\Program Files\uTorrentBar
2011-01-02 17:58:19 ----D---- C:\Windows\System32
2011-01-02 17:58:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-02 17:58:18 ----D---- C:\Windows\inf
2011-01-01 14:01:03 ----D---- C:\Windows\system32\config
2011-01-01 12:04:00 ----D---- C:\Windows\Prefetch
2011-01-01 12:02:57 ----SHD---- C:\Windows\Installer
2011-01-01 12:02:57 ----HD---- C:\Config.Msi
2010-12-28 07:30:53 ----D---- C:\Windows\Minidump
2010-12-28 07:30:34 ----D---- C:\Windows
2010-12-27 10:15:50 ----SHD---- C:\System Volume Information
2010-12-27 07:31:46 ----D---- C:\Windows\system32\catroot2
2010-12-22 07:16:15 ----D---- C:\Windows\system32\drivers\etc
2010-12-17 08:41:05 ----D---- C:\Windows\system32\drivers
2010-12-15 09:00:45 ----D---- C:\Program Files\real
2010-12-13 19:16:56 ----SD---- C:\Windows\Downloaded Program Files
2010-12-13 17:25:40 ----D---- C:\ProgramData\Alwil Software
2010-12-13 17:23:45 ----D---- C:\Program Files\Mozilla Firefox
2010-12-12 21:50:34 ----D---- C:\Windows\SchCache
2010-12-11 03:46:39 ----D---- C:\Users\NWB\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-03-18 305176]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2009-07-07 26672]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2009-07-07 27696]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-07-03 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-07-03 1207288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-21 2054872]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-21 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-21 43480]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-16 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver; C:\Windows\system32\DRIVERS\OEM13Vid.sys [2008-07-16 235840]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-21 155136]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-20 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-21 77824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2008-11-21 20376]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-07-03 24064]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9f37d89976600;Google Update Service (gupdate1c9f37d89976600); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-22 133104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------


RSIT Info.txt

info.txt logfile of random's system information tool 1.08 2011-01-02 19:19:14

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AlacNET Estimator-->MsiExec.exe /I{FE36A4B6-EAC0-4E8A-BA8D-4C01CE0FABD2}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\Windows\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{04E7A3BB-DB38-481C-A809-35FA60C78EDF}
AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry Device Software Updater-->MsiExec.exe /X{3360D505-B0AA-4284-92DF-F872AF90A448}
BlackBerry USB Drivers-->MsiExec.exe /X{A1BC9F13-59FE-43E4-8498-DF5A721196C5}
BlackBerry® Media Sync-->MsiExec.exe /X{40A594D0-1490-4979-9382-D2B764F949C6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Tools Launcher-->MsiExec.exe /I{75685CA8-0B74-45BB-9C64-744A0FB79EDC}
BVSInstall-->MsiExec.exe /I{003DF6C7-2E32-46E1-8CAE-3BB038F88CBB}
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Edraw Max 4-->"C:\Program Files\Edraw Max\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON Perfection V200 Photo Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C278B97-9D25-48B0-9A4E-F4F2BB992043}\Setup.exe" -l0x9
EPSON Perfection V200P User's Guide-->C:\Program Files\epson\guide\perfv200p_e\uninstall.exe
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Google Chrome-->"C:\Program Files\Google\Chrome\Application\8.0.552.224\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Officejet Pro All-In-One Series-->C:\Program Files\HP\Digital Imaging\{868EA922-5675-4E91-BDA6-BBD0F923C5EF}\setup\hpzscr01.exe -datfile hpwscr05.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IntegriClaim-->C:\PROGRA~1\MSBINT~1\UNINSTAL.EXE C:\PROGRA~1\MSBINT~1\INSTALL.LOG
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Laptop Integrated Webcam Driver (1.01.01.0529) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM013.uns -plugin OEM13Pin.dll -pluginres OEM13Pin.crl -nodisconprompt
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007-->MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Express Edition (XACTWARE)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mobile Broadband Drivers-->MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPM-->MsiExec.exe /X{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Network Magic-->"C:\ProgramData\Pure Networks\Setup\nmsetup.exe" /uninstall
Personal Entertainment Launcher-->MsiExec.exe /I{37F964E4-9C3F-4066-B933-1747D3AC6737}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Product Support Launcher-->MsiExec.exe /I{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Residential Component Technology - Standalone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{024E6362-7D37-4D78-93F9-00C1747DA645}\Setup.exe" Uninstall
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SmartDraw PDF Export (novaPDF 6.4 printer)-->"C:\Program Files\SmartDraw PDF Export\PDFFilter\unins000.exe"
SmartDraw VP-->C:\PROGRA~1\SMARTD~3\UNWISE.EXE C:\PROGRA~1\SMARTD~3\INSTALL.LOG
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB2443839)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {E8CFA21A-2D44-446D-8324-ADFA3C9FCAD2}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WebEx-->C:\PROGRA~2\WebEx\atcliun.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xactimate 27-->MsiExec.exe /X{00270000-8116-4423-99E0-4A5D07E678E8}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 3rd, 2011, 12:34 pm

Hi nbradshaw,

Disable Windows Defender
  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top, Then under Settings, click on Options.
  3. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended).
  4. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended).
  5. Click on the Save button at the bottom right hand corner.

    Note: Please do not Re-enable this until I tell you to do so.


Fix HijackThis Entries
  1. Open HijackThis (Right-click and select Run as administrator)
  2. Click Scan
  3. Tick the box next to the following entries (if present)

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    • R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    • R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    • O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
    • O18 - Filter hijack: text/html - {45f47f9a-91f9-41b7-a624-b394850a75ca} - C:\Windows\msvideo.dll

  4. Close all open windows/browsers and click Fix checked
  5. Reboot your computer


Download and run OTM
  1. Please download OTM to your Desktop.
  2. Right-click OTM.exe and select Run as administrator to run it.
  3. Copy and Paste the contents of the Code box below into the Paste Instructions for Items to be Moved box (under the yellow bar)
    Code: Select all
    :Files
    C:\Windows\msvideo.dll
    C:\ProgramData\Spybot - Search & Destroy
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\uTorrentBar
    C:\ProgramData\Alwil Software
    
    :Commands
    [EmptyTemp]
    [EmptyFlash]
  4. Then click the red MoveIt! button.
  5. Copy everything in the Results box (under the green bar) and paste it into your next reply.

    Note: If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.


Gmer Rootkit Scanner
Download GMER Rootkit Scanner from here & save it to your desktop.
  1. Right-click the .exe file and select Run as administrator. If asked to allow gmer.sys driver to load, please consent
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Image
      Click the image to enlarge it
  4. Then click the Scan button & wait for it to finish
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.


Please reply with:
  • OTM Results
  • Gmer log
  • New HijackThis log
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby nbradshaw » January 3rd, 2011, 9:49 pm

OTM:
All processes killed
========== FILES ==========
File/Folder C:\Windows\msvideo.dll not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
File/Folder C:\Program Files\uTorrentBar not found.
C:\ProgramData\Alwil Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nicholas Bradshaw

User: NWB
->Temp folder emptied: 9150038 bytes
->Temporary Internet Files folder emptied: 95835466 bytes
->Java cache emptied: 95724 bytes
->FireFox cache emptied: 62443216 bytes
->Google Chrome cache emptied: 8059079 bytes
->Flash cache emptied: 30246 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16102555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33672029 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1096757 bytes
RecycleBin emptied: 63532591 bytes

Total Files Cleaned = 277.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01032011_175725

Files moved on Reboot...
File move failed. C:\Windows\temp\WebEx\Log\13\atashost.log scheduled to be moved on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\dailyappshow-191694-09-07-2009[1].mp4 moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\fw-nonplayer-banner[2].htm not found!
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\fw-nonplayer-banner[5].htm not found!
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\iframe3[1].htm not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\sync-min[1].htm moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0JPAOSR\xd_receiver[2].htm not found!
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\01[1].htm not found!
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\channels[1].txt not found!
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\display_iab_ads[1].htm not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\ff2[1].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\fw-nonplayer-banner[2].htm moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTE37QGG\mevio_com[1].txt not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CMXL00L\load[2] moved successfully.

Registry entries deleted on Reboot...

GMER:
Windows would shut down and the computer would reboot automatically, so I was unable to complete this scan.

New HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:48:56 PM, on 1/3/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://stopidaho.restorationmanager.net ... rview2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Filter hijack: text/html - {45f47f9a-91f9-41b7-a624-b394850a75ca} - C:\Windows\msvideo.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9f37d89976600) (gupdate1c9f37d89976600) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10245 bytes
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 4th, 2011, 9:38 am

Hi nbradshaw,
Lets try RKUnHooker instead of Gmer.

Scan With RKUnHooker
  1. Please Download Rootkit Unhooker Save it to your desktop.
  2. Now right-click on RKUnhookerLE.exe and select Run as administrator to run it.
  3. Click the Report tab, then click Scan.
  4. Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. * This can take a while. Please be patient *.
  7. Save the report somewhere where you can find it. Click Close.
  8. Copy the entire contents of this log in your next reply.
  9. This log can be lengthy you may have to post it in separate replies.

    Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 6th, 2011, 10:12 am

Hi nbradshaw,

Do you still require assistance?
If you do not reply to this topic within 24 hours of this post, it will be closed due to inactivity.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby nbradshaw » January 6th, 2011, 1:19 pm

I apologize for the delay, I have been traveling for work but will run the report tonight and post the log here.
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby nbradshaw » January 9th, 2011, 12:55 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x90601000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x83018000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x83018000 PnpManager 3903488 bytes
0x83018000 RAW 3903488 bytes
0x83018000 WMIxWDM 3903488 bytes
0x81AF0000 Win32k 2109440 bytes
0x81AF0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90200000 C:\Windows\system32\drivers\RTKVHDA.sys 2052096 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8FE0F000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1220608 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8B60D000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x83802000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83A0D000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB04F7000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x83B11000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x83609000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAEE07000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x90CBC000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80604000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x83742000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAEF21000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xB0486000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x80736000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91008000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x90181000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8068D000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80482000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x837B3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x90D73000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x910E4000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x91087000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x83938000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB37B2000 C:\Windows\system32\DRIVERS\OEM13Vid.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xB040D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B71C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90000000 C:\Windows\system32\DRIVERS\NWADIenum.sys 212992 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0x9004B000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x833D1000 ACPI_HAL 208896 bytes
0x833D1000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x836F6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x901C9000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x83972000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x839A2000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90090000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8390D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805A3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAEEC6000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xB3602000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x91185000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB045E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8B76C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E4000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8FF83000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x900BD000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x839D0000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8FF39000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8B7A4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x90118000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAEFD9000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x805E1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x836D8000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAEF8E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x83AF6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x911D3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAEFAB000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90DD2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB0446000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x910CD000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x83BE7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB379B000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB3632000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x91050000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9016B000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAEFC4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807CF000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807BB000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x805CD000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8FFB8000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAEF0E000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91074000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x90DC0000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8B793000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9007F000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80469000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83728000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xAEEB6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8079C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8FF5B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x807E4000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x83BD8000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x911C4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B75D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x807AC000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90DB1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80727000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FF6B000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81D30000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x91066000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90154000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80787000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x911AD000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90DEA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9003E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x90D5B000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80680000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x900E2000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xB05DF000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9010C000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB04EC000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8FFCB000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8FFD8000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x90149000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x83A00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FFA9000 C:\Windows\system32\DRIVERS\o2media.sys 45056 bytes (O2Micro , o2media)
0x8FFEE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B7E9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90D68000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB0400000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x8071D000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x911BA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90034000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAEEF0000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x910C3000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8FF79000 C:\Windows\system32\DRIVERS\o2sd.sys 40960 bytes (O2Micro , O2Micro SD Reader Driver)
0xAEEFA000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xAEF04000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x83738000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB05D5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B7D3000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x8B7C5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x903F5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB37EE000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x90162000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81D10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B7F4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B600000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D3000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8FFE3000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x836D0000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xB362A000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
0x8047A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x806DC000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90139000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90141000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FE00000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8B755000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x900F5000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90105000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80780000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x900EE000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80795000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FE08000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8B7CE000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8FFB4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8071A000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FFEB000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0x88442000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB37EC000 C:\Windows\system32\DRIVERS\OEM13Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0x8FFF9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FFD6000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x01B30000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x8921C748 ] PID: 4680, 28672 bytes
0x05A70000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x8B3BF020 ] PID: 1908, 3952640 bytes
0x005D0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x8921C748 ] PID: 4680, 45056 bytes
0x04090000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8B3BF020 ] PID: 1908, 507904 bytes
0x04AB0000 Hidden Image-->msvcm80.dll [ EPROCESS 0xBA5BC4D0 ] PID: 2452, 507904 bytes
0x01C30000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8B3BF020 ] PID: 1908, 77824 bytes
0x023E0000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0xBA5BC4D0 ] PID: 2452, 77824 bytes
0x00560000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x8921C748 ] PID: 4680, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Users\NWB\Documents\Downloads\Backup-(2010-07-15).ipd::$DATA
!-->[Hidden] C:\Users\NWB\Documents\Downloads\LoaderBackup-(2010-07-15).ipd::$DATA
!-->[Hidden] C:\Users\NWB\Documents\Downloads\LoaderBackup-(2010-07-21).ipd::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x830CCEEA-->830CCEF1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8F78, Type: Inline - RelativeJump 0x830D0F78-->830D0F67 [ntkrnlpa.exe]
[1172]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x080E166C-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x080E1AC4-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x080E1A50-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x080E19F0-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x080E19A8-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x080E1914-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x080E1714-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x77D5145C-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [yui.dll]
[1172]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]
[2160]sqlbrowser.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x740324B9-->00000000 [unknown_code_page]
[2160]sqlbrowser.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x74035604-->00000000 [unknown_code_page]
[2160]sqlbrowser.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x740357C5-->00000000 [unknown_code_page]
[2160]sqlbrowser.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76EC99E8-->00000000 [unknown_code_page]
[2160]sqlbrowser.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76EC8968-->00000000 [unknown_code_page]
[2160]sqlbrowser.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76EC92A8-->00000000 [unknown_code_page]
[2416]YahooAUService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x00467054-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00467088-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00467090-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x00467004-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00467084-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0046707C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x00467138-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x004670C8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004670D8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x00467250-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x004670AC-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x00467108-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004670F0-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->kernel32.dll-->MoveFileA, Type: IAT modification 0x00467254-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6C941258-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6C941268-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6C941274-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6C941254-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6C94125C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C94123C-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x080E1BFC-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x080E1B30-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x080E1CB0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x080E1B50-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x080E1CF4-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x080E1B28-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x080E1B2C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x080E1B70-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x080E1CC0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x70411278-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x70411208-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x7041123C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x704111E8-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x70411280-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x7041124C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x7041127C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x70411204-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->CopyFileA, Type: IAT modification 0x704112F0-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x70411400-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x704113FC-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x704113D4-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x70411364-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->MoveFileA, Type: IAT modification 0x7041132C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x70411320-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x70411324-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x70411328-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesA, Type: IAT modification 0x70411308-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x70411484-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2416]YahooAUService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[5040]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x74D96E2D-->00000000 [unknown_code_page]
[5464]explorer.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x740324B9-->00000000 [unknown_code_page]
[5464]explorer.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x74035604-->00000000 [unknown_code_page]
[5464]explorer.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x740357C5-->00000000 [unknown_code_page]
[5464]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76EC99E8-->00000000 [unknown_code_page]
[5464]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76EC8968-->00000000 [unknown_code_page]
[5464]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76EC92A8-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
nbradshaw
Active Member
 
Posts: 6
Joined: January 1st, 2011, 2:57 pm

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Gizzy » January 9th, 2011, 8:38 pm

Hi nbradshaw,
Do you use a router?

Run RSIT
You should still have this program on your computer.

  1. Right-click on RSIT.exe and select Run as administrator to run RSIT
  2. Click Continue at the disclaimer screen
  3. Once it has finished, only one log will open, log.txt (<<will be maximized)
  4. Copy & paste the contents of the log in your next reply


MBRCheck
  1. Please download MBRCheck.exe and save it to your desktop.
  2. Right-click on MBRCheck.exe and select Run as administrator to run it.
  3. A window similar to this should open on your desktop:

    Image
  4. If you are prompted with options, enter N at the prompt and press Enter
  5. Press Enter again.
  6. A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  7. Please post the contents of the log in your next reply.


Please reply with:
  • Answer to question
  • RSIT log.txt
  • MBRCheck log
  • An update on how your computer is running now, Any old problems still remaining and/or new problems.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: iexplorer and firefox rogue pages on the newer of my lap

Unread postby Elrond » January 13th, 2011, 2:43 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware