Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE Redirected and Action Canceled?

Post by PopaTom » November 28th, 2009, 3:17 pm

Thank You for your help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:08 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: atisvc_cifhvgia - Unknown owner - C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5292 bytes
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by MWR 3 day Mod » December 2nd, 2009, 1:59 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE Redirected and Action Canceled?

Post by Cypher » December 4th, 2009, 1:24 pm

Hi and welcome, sorry for the delay; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.
  • I am currently reviewing your log, and will return as soon as possible with your next set of instructions.


In the meantime, please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

In your next reply.

  • Uninstall list.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 4th, 2009, 11:03 pm

Thank You for replying to my post. I will try to follow along as well as I can and will ask for further directions if I don't understand how to do as you ask.

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
AT&T Communication Manager
Broadcom 440x 10/100 Integrated Controller
CCleaner
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
Driver Installer
ESPNMotion
Eusing Free Registry Cleaner
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NinjaTrader 6.5
Otto
PC Tools AntiVirus 6.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
Smart Defrag
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
SpywareBlaster 4.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
WinZip
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by Cypher » December 5th, 2009, 1:45 pm

Hi :)
Thank You for replying to my post.

You're welcome.
I will get back to you as soon as possible with your next set of instructions. Thank you for your patience.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 5th, 2009, 2:48 pm

Thank You, I'll be watching for your next post.
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by Cypher » December 7th, 2009, 7:55 am

Hi PopaTom.
Sorry for the delay and thank you for your patience.

Registry Cleaners

Re. Eusing Free Registry Cleaner and RegCure


I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners:
"Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop."


This post by Bill Castner is very informative: WhatTheTech Forum

I recommend that you uninstall both from your computer.

Next.


Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

In your next reply.

  • RSIT log.txt.
  • RSIT info.txt
  • Gmer log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 7th, 2009, 12:58 pm

OK, thank you and I'll be posting results ASAP.
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 7th, 2009, 11:08 pm

UPDATE: When I shut down the computer I get this same msg about 4 times before the computer actually begins to shut down. The msg is as follows. I am still getting "redirected" and "Action Cancelled" pages.

"bcmwltry.exe -dll initialization failed"
"The installation failed to initialize because windows is shutting down"

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas H. Pean at 2009-12-07 19:42:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (65%) free of 32 GB
Total RAM: 502 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:13 PM, on 12/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas H. Pean\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thomas H. Pean.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: atisvc_cifhvgia - Unknown owner - C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5169 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-19 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-19 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-19 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-02-19 1374096]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-12-01 33280]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-05 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-04-05 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe"="C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\WINDOWS\LMI7.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI7.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\WINDOWS\LMI16C.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI16C.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe"="C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-12-07 19:42:07 ----D---- C:\rsit
2009-12-01 07:36:02 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2009-11-29 14:57:55 ----D---- C:\Documents and Settings\Thomas H. Pean\Application Data\IObit
2009-11-29 14:57:54 ----D---- C:\Program Files\IObit
2009-11-29 13:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2009-11-28 11:01:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-28 10:26:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 10:25:29 ----D---- C:\Program Files\Lavasoft
2009-11-28 10:25:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-28 09:13:37 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-27 21:39:52 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-11-27 21:39:50 ----D---- C:\Documents and Settings\Thomas H. Pean\Application Data\AVS4YOU
2009-11-27 21:39:25 ----D---- C:\Program Files\Common Files\AVSMedia
2009-11-27 21:39:24 ----D---- C:\Program Files\AVS4YOU
2009-11-27 21:39:24 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-11-27 20:14:35 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-11-27 20:14:34 ----D---- C:\Program Files\SpywareBlaster
2009-11-26 12:35:58 ----D---- C:\Program Files\Trend Micro
2009-11-26 09:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 09:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 07:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-24 07:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-24 07:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-24 07:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-24 07:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-24 07:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-24 07:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-24 07:10:47 ----D---- C:\WINDOWS\ie7updates
2009-11-24 07:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-24 07:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-24 07:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-24 07:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-11-24 07:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-24 07:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-10-30 18:09:41 ----D---- C:\Program Files\Skyhook Wireless
2009-10-30 18:09:41 ----A---- C:\1235700.dll
2009-10-30 18:09:24 ----D---- C:\WINDOWS\system32\bqaibfnfg
2009-10-30 08:39:40 ----D---- C:\WINDOWS\WBEM
2009-10-30 08:37:20 ----HDC---- C:\WINDOWS\ie7
2009-10-30 08:36:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-10-30 08:36:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-10-30 08:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-10-30 08:34:56 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-10-23 08:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-23 08:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-23 08:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-23 08:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-23 08:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-23 08:15:57 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-23 08:15:52 ----D---- C:\Program Files\MSBuild
2009-10-23 08:15:50 ----D---- C:\WINDOWS\system32\en-US
2009-10-23 08:15:27 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 08:14:33 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-23 08:14:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-23 08:14:32 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-23 08:14:31 ----D---- C:\033034d4a2e2cd4ba14afe6b
2009-10-23 08:07:38 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-10-23 08:07:29 ----D---- C:\Program Files\MSXML 6.0
2009-10-23 08:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-23 08:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-23 08:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-23 08:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-23 08:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-23 08:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-23 08:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-23 07:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-10-23 07:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-23 07:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-23 07:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-23 07:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-23 07:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-23 07:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-23 07:49:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-23 07:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-23 07:49:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-23 07:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-23 07:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-23 07:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-23 07:45:10 ----D---- C:\Program Files\MSXML 4.0
2009-10-23 07:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-23 07:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-23 07:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-10-06 09:14:09 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-11 14:38:33 ----A---- C:\{EBE098B6-0BA8-49BF-944B-AB0ED336F75E}.dll
2009-09-11 14:38:33 ----A---- C:\{C0B9F0CE-E8D9-41B6-BFF5-45B8645A7352}.dll
2009-09-11 14:38:33 ----A---- C:\{B7A40752-F826-4E36-B916-522B5745C317}.dll
2009-09-11 14:38:33 ----A---- C:\{AA1EDF20-1E87-4684-8103-4E3B21A8023D}.dll
2009-09-11 14:38:33 ----A---- C:\{8A0723F0-54AA-4743-8C2F-12207EE45E7D}.dll
2009-09-11 14:38:33 ----A---- C:\{13F1D69E-E27D-4B43-8D1C-4C85E4E48A1A}.dll
2009-09-11 14:38:20 ----A---- C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll
2009-09-11 14:38:20 ----A---- C:\{A024FAFE-2980-469A-B7F9-9DE9ED7BBCD5}.dll
2009-09-11 14:38:20 ----A---- C:\{3D0CA2BA-C55E-41D9-A054-933ED4066011}.dll
2009-09-11 14:38:20 ----A---- C:\{06792611-F3E6-4B53-B577-71E15998738D}.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlcese30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceqp30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceoledb30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceme30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceer30EN.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlcecompact30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceca30.dll

======List of files/folders modified in the last 3 months======

2009-12-07 19:41:14 ----D---- C:\WINDOWS\Prefetch
2009-12-07 19:09:10 ----RD---- C:\Program Files
2009-12-07 19:05:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-07 18:59:50 ----D---- C:\WINDOWS\system32
2009-12-07 18:59:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-07 18:57:59 ----SD---- C:\WINDOWS\Tasks
2009-12-07 18:57:58 ----D---- C:\WINDOWS\Temp
2009-12-07 18:56:48 ----D---- C:\WINDOWS
2009-12-07 18:56:46 ----D---- C:\Program Files\PC Tools AntiVirus
2009-12-07 18:55:47 ----D---- C:\WINDOWS\Registration
2009-12-07 14:17:40 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-12-07 14:17:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-07 12:00:48 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-12-06 10:44:44 ----D---- C:\WINDOWS\Debug
2009-11-30 17:32:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-29 13:51:42 ----D---- C:\Program Files\Common Files
2009-11-28 10:29:34 ----HD---- C:\WINDOWS\inf
2009-11-28 10:29:34 ----D---- C:\WINDOWS\system32\drivers
2009-11-28 10:29:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-28 10:26:10 ----SHD---- C:\WINDOWS\Installer
2009-11-28 10:25:22 ----D---- C:\WINDOWS\WinSxS
2009-11-28 09:13:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-27 21:39:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-27 19:48:55 ----SHD---- C:\WINDOWS\CSC
2009-11-26 10:31:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-26 10:30:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-26 09:38:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 09:35:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 08:27:41 ----D---- C:\Program Files\MSN
2009-11-24 07:16:26 ----D---- C:\Program Files\Internet Explorer
2009-11-24 07:09:29 ----RSD---- C:\WINDOWS\assembly
2009-11-05 10:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-30 18:09:24 ----D---- C:\WINDOWS\system32\config
2009-10-30 10:50:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-30 08:42:22 ----D---- C:\WINDOWS\Help
2009-10-30 08:39:16 ----D---- C:\WINDOWS\Media
2009-10-28 08:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-23 10:38:37 ----D---- C:\WINDOWS\system32\wbem
2009-10-23 10:38:37 ----D---- C:\WINDOWS\system32\Setup
2009-10-23 10:38:36 ----D---- C:\WINDOWS\AppPatch
2009-10-23 08:14:50 ----D---- C:\WINDOWS\system32\spool
2009-10-23 07:58:11 ----D---- C:\Program Files\Outlook Express
2009-10-23 07:54:07 ----D---- C:\WINDOWS\ehome
2009-10-20 21:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-08 16:39:24 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2009-09-26 03:38:28 ----A---- C:\WINDOWS\ModemLog_Sierra Wireless HSPA Modem.txt
2009-09-19 09:35:06 ----D---- C:\Program Files\Google
2009-09-11 07:03:37 ----A---- C:\WINDOWS\system32\msv1_0.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2008-11-20 18816]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 Wpsnuio;WPS NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\wpsnuio.sys [2009-10-30 13696]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2008-11-20 27072]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 pxtdipob;pxtdipob; \??\C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\pxtdipob.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atisvc_cifhvgia;atisvc_cifhvgia; C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe [2009-10-30 444285]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-03-25 826600]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-28 1184912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-04-05 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-19 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by PopaTom on December 8th, 2009, 4:11 am, edited 1 time in total.
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

by PopaTom » December 7th, 2009, 11:12 pm

info.txt logfile of random's system information tool 1.06 2009-12-07 19:42:16

======Uninstall list======

-->C:\Program Files\PC Tools AntiVirus\unins000.exe /LOG
-->C:\Program Files\Skyhook Wireless\Wi-Fi Service\svcsetup.exe -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AT&T Communication Manager-->MsiExec.exe /X{AF64F216-D859-43FC-9068-0005A41AEBA3}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Driver Installer-->MsiExec.exe /X{F804CAE5-50B2-4646-803A-A428325237CA}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
NinjaTrader 6.5-->MsiExec.exe /I{4539D65F-319C-416F-A17F-827110F4CE22}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC Tools AntiVirus 6.0-->"C:\Program Files\PC Tools AntiVirus\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: PC Tools AntiVirus 6.0.0.19 (disabled)

======System event log======

Computer Name: TOM2
Event Code: 7000
Message: The IMAPI CD-Burning COM Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 13233
Source Name: Service Control Manager
Time Written: 20091006091129.000000-420
Event Type: error
User:

Computer Name: TOM2
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Record Number: 13232
Source Name: Service Control Manager
Time Written: 20091006091129.000000-420
Event Type: error
User:

Computer Name: TOM2
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0016CE720D5A. The IP address being used is 169.254.195.197.

Record Number: 13132
Source Name: Dhcp
Time Written: 20091002105616.000000-420
Event Type: warning
User:

Computer Name: TOM2
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{7F60F8DC-0657-4A74-A1B6-9B4C79294031}.

Record Number: 13131
Source Name: Server
Time Written: 20091002105615.000000-420
Event Type: warning
User:

Computer Name: TOM2
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CE720D5A. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 13130
Source Name: Dhcp
Time Written: 20091002105606.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: TOM2
Event Code: 1000
Message: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 2891
Source Name: Application Error
Time Written: 20090810200239.000000-420
Event Type: error
User:

Computer Name: TOM2
Event Code: 1517
Message: Windows saved user TOM2\Thomas H. Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2881
Source Name: Userenv
Time Written: 20090810110411.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM2
Event Code: 1000
Message: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 2880
Source Name: Application Error
Time Written: 20090810110402.000000-420
Event Type: error
User:

Computer Name: TOM2
Event Code: 1517
Message: Windows saved user TOM2\Thomas H. Pean registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2872
Source Name: Userenv
Time Written: 20090808101256.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TOM2
Event Code: 1000
Message: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 2871
Source Name: Application Error
Time Written: 20090808101253.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
IF I'M NOT DOING SOMETHING RIGHT PLEASE TELL ME. THANKS
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by Cypher » December 8th, 2009, 12:00 pm

Hi PopaTom.
Thank you for those scans.
Did you follow the instructions to run GMER?
Could you please post the GMER log in your next reply?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 8th, 2009, 4:03 pm

Hi Cypher;
I thought I had posted a log.txt file, but I did another scan and this is what it gave me:


GMER 1.0.15.15272 - http://www.gmer.net
Rootkit scan 2009-12-08 12:47:03
Windows 5.1.2600 Service Pack 2
Running: 7n4kmggo.exe; Driver: C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF8283514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF8272282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF8272474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF8283D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF8283FB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82823FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF8284422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF82837D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF8271F32]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs AVRec.sys (PC Tools Recognizer Driver for Windows 2000/XP/PC Tools Research Pty Ltd )
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- EOF - GMER 1.0.15 ----
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm

Re: IE Redirected and Action Canceled?

Post by Cypher » December 9th, 2009, 12:17 pm

Hi PopaTom.
Thank you for the GMER log. Please continue with the instructions below.


Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry in the Startup folder. Answer NO.
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe



Next.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    :Processes
    :Services
    atisvc_cifhvgia
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    :Files
    C:\033034d4a2e2cd4ba14afe6b
    C:\{EBE098B6-0BA8-49BF-944B-AB0ED336F75E}.dll
    C:\{C0B9F0CE-E8D9-41B6-BFF5-45B8645A7352}.dll
    C:\{B7A40752-F826-4E36-B916-522B5745C317}.dll
    C:\{AA1EDF20-1E87-4684-8103-4E3B21A8023D}.dll
    C:\{8A0723F0-54AA-4743-8C2F-12207EE45E7D}.dll
    C:\{13F1D69E-E27D-4B43-8D1C-4C85E4E48A1A}.dll
    C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll
    C:\{A024FAFE-2980-469A-B7F9-9DE9ED7BBCD5}.dll
    C:\{3D0CA2BA-C55E-41D9-A054-933ED4066011}.dll
    C:\{06792611-F3E6-4B53-B577-71E15998738D}.dll
    C:\WINDOWS\system32\bqaibfnfg
    
    :Commands
    [emptytemp]
    [Start Explorer]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next.

    Re-run - RSIT (Random's System Information Tool)

    You should still have this program on your desktop.
    • Double click on RSIT.exe to run it.
    • Please read the disclaimer... click on Continue.
    • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
    • Please post ONLY the "log.txt", file contents in your next reply.
      (This log can be lengthy, so a separate post may be needed.)

    Next.

    Upload a File to Jotti

    Please go to jotti.org

    Copy/paste this file and path into the white box at the top:
    C:\1235700.dll

    Press Submit - this will submit the file for testing.
    Please wait for all the scanners to finish then copy and paste the results in your next response.

    If you have trouble using jotti try Virustotal

    In your next reply.

    • OTM log.
    • RSIT log.txt.
    • jotti or virustotal results.
    • Please let me know how your computer is performing now.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 9th, 2009, 6:29 pm

Hi Cypher,

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Error: Unable to stop service atisvc_cifhvgia!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atisvc_cifhvgia deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\033034d4a2e2cd4ba14afe6b\i386 folder moved successfully.
C:\033034d4a2e2cd4ba14afe6b\amd64 folder moved successfully.
C:\033034d4a2e2cd4ba14afe6b folder moved successfully.
C:\{EBE098B6-0BA8-49BF-944B-AB0ED336F75E}.dll moved successfully.
C:\{C0B9F0CE-E8D9-41B6-BFF5-45B8645A7352}.dll moved successfully.
C:\{B7A40752-F826-4E36-B916-522B5745C317}.dll moved successfully.
C:\{AA1EDF20-1E87-4684-8103-4E3B21A8023D}.dll moved successfully.
C:\{8A0723F0-54AA-4743-8C2F-12207EE45E7D}.dll moved successfully.
C:\{13F1D69E-E27D-4B43-8D1C-4C85E4E48A1A}.dll moved successfully.
DllUnregisterServer procedure not found in C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll
C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll moved successfully.
DllUnregisterServer procedure not found in C:\{A024FAFE-2980-469A-B7F9-9DE9ED7BBCD5}.dll
C:\{A024FAFE-2980-469A-B7F9-9DE9ED7BBCD5}.dll moved successfully.
DllUnregisterServer procedure not found in C:\{3D0CA2BA-C55E-41D9-A054-933ED4066011}.dll
C:\{3D0CA2BA-C55E-41D9-A054-933ED4066011}.dll moved successfully.
DllUnregisterServer procedure not found in C:\{06792611-F3E6-4B53-B577-71E15998738D}.dll
C:\{06792611-F3E6-4B53-B577-71E15998738D}.dll moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache\S-1-5-21-1644491937-484061587-682003330-1003\Default\{891CA317-EB89-4025-ABB8-0C1D1472E4E5} folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache\S-1-5-21-1644491937-484061587-682003330-1003\Default folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache\S-1-5-21-1644491937-484061587-682003330-1003 folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache\S-1-5-21-1644491937-484061587-682003330\Default folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache\S-1-5-21-1644491937-484061587-682003330 folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Thomas H. Pean
->Temp folder emptied: 269264920 bytes
->Temporary Internet Files folder emptied: 14663687 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1238856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 88 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 12271597 bytes

Total Files Cleaned = 283.76 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12092009_152150

Files moved on Reboot...

Registry entries deleted on Reboot...
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm
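
One way to check an OTM run like the one above against the fix script that requested it, as an added example that is not part of the thread and not OTM's own code: each `:Files` and `:Services` target is matched to a result line, then re-checked against a process list. The script and results are shortened excerpts from the posts above; the process lists and all function names are constructed for the example.

```python
import re

# Shortened excerpts of the fix script and OTM results posted in this thread.
FIX_SCRIPT = r'''
:Services
atisvc_cifhvgia
:Files
C:\033034d4a2e2cd4ba14afe6b
C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll
C:\WINDOWS\system32\bqaibfnfg
:Commands
[emptytemp]
'''

RESULTS_LOG = r'''
========== SERVICES/DRIVERS ==========
Error: Unable to stop service atisvc_cifhvgia!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atisvc_cifhvgia deleted successfully.
========== FILES ==========
C:\033034d4a2e2cd4ba14afe6b folder moved successfully.
DllUnregisterServer procedure not found in C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll
C:\{F2B353A6-0A6C-49B8-B8EB-AAC62C93158B}.dll moved successfully.
C:\WINDOWS\system32\bqaibfnfg\Cache folder moved successfully.
C:\WINDOWS\system32\bqaibfnfg folder moved successfully.
'''

# Constructed process lists (before the fix and after the reboot) for the re-check.
PROCESSES_BEFORE = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\system32\bqaibfnfg\atisvc_cifhvgia.exe",
]
PROCESSES_AFTER = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\eHome\ehRecvr.exe",
]

MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
STOP_FAILED = re.compile(r"^Error: Unable to stop service (?P<name>.+)!$")
KEY_DELETED = re.compile(
    r"^Registry key .+\\Services\\(?P<name>[^\\]+) deleted successfully\.$")


def parse_fix_script(text):
    """Return {section: [targets]} for a ':Section' style fix script."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_results(text):
    """Collect moved paths, services that failed to stop, deleted service keys."""
    moved, stop_failed, key_deleted = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        if m := STOP_FAILED.match(line):
            stop_failed.add(m["name"].lower())
        elif m := KEY_DELETED.match(line):
            key_deleted.add(m["name"].lower())
        elif m := MOVED.match(line):
            moved.add(m["path"].lower())
    return moved, stop_failed, key_deleted


def still_running(targets, processes):
    """Process image paths that sit under, or are named after, a removed target."""
    needles = [t.lower() for t in targets]
    return [p for p in processes if any(n in p.lower() for n in needles)]


def reconcile(script, results_log, processes):
    """Map every requested target to what the results and process list confirm."""
    sections = parse_fix_script(script)
    moved, stop_failed, key_deleted = parse_results(results_log)
    report = {}
    for path in sections.get("files", []):
        report[path] = "moved" if path.lower() in moved else "NOT CONFIRMED"
    for svc in sections.get("services", []):
        name = svc.lower()
        if name not in key_deleted:
            report[svc] = "NOT CONFIRMED"
        elif name in stop_failed:
            report[svc] = "registry key deleted, stop failed"
        else:
            report[svc] = "registry key deleted"
    for target in report:
        if still_running([target], processes):
            report[target] += ", STILL RUNNING"
    return report


if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, RESULTS_LOG, PROCESSES_AFTER).items():
        print(f"{status:35} {target}")
```

A target reported as NOT CONFIRMED or STILL RUNNING is the one to raise with the helper before moving on to the next step.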

Re: IE Redirected and Action Canceled?

Post by PopaTom » December 9th, 2009, 6:35 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas H. Pean at 2009-12-09 15:31:43
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (66%) free of 32 GB
Total RAM: 502 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:51 PM, on 12/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Thomas H. Pean\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Thomas H. Pean.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5138 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-19 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-19 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-19 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2009-02-19 1374096]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2008-12-01 33280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-05 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

C:\Documents and Settings\Thomas H. Pean\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-04-05 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe"="C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\WINDOWS\LMI7.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI7.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6.5\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\WINDOWS\LMI16C.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI16C.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI8A.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe"="C:\DOCUME~1\THOMAS~1.PEA\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-12-09 15:21:50 ----D---- C:\_OTM
2009-12-09 15:17:05 ----D---- C:\WINDOWS\ERDNT
2009-12-09 15:15:10 ----D---- C:\Program Files\ERUNT
2009-12-07 19:42:07 ----D---- C:\rsit
2009-12-01 07:36:02 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2009-11-29 14:57:55 ----D---- C:\Documents and Settings\Thomas H. Pean\Application Data\IObit
2009-11-29 14:57:54 ----D---- C:\Program Files\IObit
2009-11-29 13:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2009-11-28 11:01:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-28 10:26:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 10:25:29 ----D---- C:\Program Files\Lavasoft
2009-11-28 10:25:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-28 09:13:37 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-27 21:39:52 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-11-27 21:39:50 ----D---- C:\Documents and Settings\Thomas H. Pean\Application Data\AVS4YOU
2009-11-27 21:39:25 ----D---- C:\Program Files\Common Files\AVSMedia
2009-11-27 21:39:24 ----D---- C:\Program Files\AVS4YOU
2009-11-27 21:39:24 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-11-27 20:14:35 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-11-27 20:14:34 ----D---- C:\Program Files\SpywareBlaster
2009-11-26 12:35:58 ----D---- C:\Program Files\Trend Micro
2009-11-26 09:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 09:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 07:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-24 07:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-24 07:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-24 07:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-24 07:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-24 07:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-24 07:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-24 07:10:47 ----D---- C:\WINDOWS\ie7updates
2009-11-24 07:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-24 07:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-24 07:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-24 07:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-11-24 07:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-24 07:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-10-30 18:09:41 ----D---- C:\Program Files\Skyhook Wireless
2009-10-30 18:09:41 ----A---- C:\1235700.dll
2009-10-30 08:39:40 ----D---- C:\WINDOWS\WBEM
2009-10-30 08:37:20 ----HDC---- C:\WINDOWS\ie7
2009-10-30 08:36:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-10-30 08:36:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-10-30 08:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-10-30 08:34:56 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-10-23 08:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-23 08:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-23 08:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-23 08:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-23 08:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-23 08:15:57 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-23 08:15:52 ----D---- C:\Program Files\MSBuild
2009-10-23 08:15:50 ----D---- C:\WINDOWS\system32\en-US
2009-10-23 08:15:27 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 08:14:33 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-23 08:14:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-23 08:14:32 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-23 08:07:38 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-10-23 08:07:29 ----D---- C:\Program Files\MSXML 6.0
2009-10-23 08:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-23 08:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-23 08:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-23 08:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-23 08:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-23 08:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-23 08:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-23 07:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-10-23 07:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-23 07:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-23 07:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-23 07:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-23 07:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-23 07:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-23 07:49:43 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-23 07:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-23 07:49:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-23 07:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-23 07:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-23 07:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-23 07:45:10 ----D---- C:\Program Files\MSXML 4.0
2009-10-23 07:44:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-23 07:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-23 07:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-10-06 09:14:09 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlcese30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceqp30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceoledb30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceme30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceer30EN.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlcecompact30.dll
2009-09-11 14:37:19 ----A---- C:\WINDOWS\system32\sqlceca30.dll

======List of files/folders modified in the last 3 months======

2009-12-09 15:31:39 ----D---- C:\WINDOWS\Prefetch
2009-12-09 15:26:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-09 15:26:08 ----D---- C:\WINDOWS\Temp
2009-12-09 15:25:47 ----D---- C:\Program Files\PC Tools AntiVirus
2009-12-09 15:25:38 ----D---- C:\WINDOWS
2009-12-09 15:25:05 ----SD---- C:\WINDOWS\Tasks
2009-12-09 15:23:47 ----D---- C:\WINDOWS\Registration
2009-12-09 15:22:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-09 15:22:54 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-12-09 15:22:20 ----D---- C:\WINDOWS\system32
2009-12-09 15:15:10 ----RD---- C:\Program Files
2009-12-09 07:36:31 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-12-09 06:34:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-06 10:44:44 ----D---- C:\WINDOWS\Debug
2009-11-30 17:32:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-29 13:51:42 ----D---- C:\Program Files\Common Files
2009-11-28 10:29:34 ----HD---- C:\WINDOWS\inf
2009-11-28 10:29:34 ----D---- C:\WINDOWS\system32\drivers
2009-11-28 10:29:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-28 10:26:10 ----SHD---- C:\WINDOWS\Installer
2009-11-28 10:25:22 ----D---- C:\WINDOWS\WinSxS
2009-11-28 09:13:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-27 21:39:28 ----RSD---- C:\WINDOWS\Fonts
2009-11-27 19:48:55 ----SHD---- C:\WINDOWS\CSC
2009-11-26 10:31:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-26 10:30:30 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-26 09:38:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 09:35:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 08:27:41 ----D---- C:\Program Files\MSN
2009-11-24 07:16:26 ----D---- C:\Program Files\Internet Explorer
2009-11-24 07:09:29 ----RSD---- C:\WINDOWS\assembly
2009-11-05 10:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-30 18:09:24 ----D---- C:\WINDOWS\system32\config
2009-10-30 10:50:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-30 08:42:22 ----D---- C:\WINDOWS\Help
2009-10-30 08:39:16 ----D---- C:\WINDOWS\Media
2009-10-28 08:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-23 10:38:37 ----D---- C:\WINDOWS\system32\wbem
2009-10-23 10:38:37 ----D---- C:\WINDOWS\system32\Setup
2009-10-23 10:38:36 ----D---- C:\WINDOWS\AppPatch
2009-10-23 08:14:50 ----D---- C:\WINDOWS\system32\spool
2009-10-23 07:58:11 ----D---- C:\Program Files\Outlook Express
2009-10-23 07:54:07 ----D---- C:\WINDOWS\ehome
2009-10-20 21:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-08 16:39:24 ----A---- C:\WINDOWS\smartkeydiagnostics.txt
2009-09-26 03:38:28 ----A---- C:\WINDOWS\ModemLog_Sierra Wireless HSPA Modem.txt
2009-09-19 09:35:06 ----D---- C:\Program Files\Google
2009-09-11 07:03:37 ----A---- C:\WINDOWS\system32\msv1_0.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2008-11-20 18816]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2009-02-10 21904]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 Wpsnuio;WPS NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\wpsnuio.sys [2009-10-30 13696]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2009-02-10 28560]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2009-02-10 21904]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2008-11-20 27072]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\WINDOWS\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-28 1184912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2009-03-25 826600]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-04-05 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-19 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
PopaTom
Regular Member
 
Posts: 69
Joined: November 27th, 2009, 6:39 pm