Hello,
Thanks for your help thus far. Here are the requested log files.
RSIT log.text:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Patterson at 2010-03-21 11:27:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 123 GB (53%) free of 230 GB
Total RAM: 2938 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:35 AM, on 3/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Patterson\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Patterson\Desktop\RSIT.exe
C:\Program Files\trend micro\Patterson.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patterson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Patterson\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RMWPService - Apache Software Foundation - C:\Program Files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6397 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4156990812-1516790887-472691009-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4156990812-1516790887-472691009-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{3BDEFB4E-4148-451B-AA6F-92EFC2A713E4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-25 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-03 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-03 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-03 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6295552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-09 835584]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-04-03 317280]
"VAIOMyMemCenter"=C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [2008-02-29 679936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-25 2043160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Google Update"=C:\Users\Patterson\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-09 133104]
"googletalk"=C:\Users\Patterson\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-17 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-07-03 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [2008-07-25 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.LNK]
C:\DDI\AOLICON.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-03 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2008-07-15 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 3 months======
2010-03-21 11:27:12 ----D---- C:\rsit
2010-03-21 11:27:12 ----D---- C:\Program Files\trend micro
2010-03-13 14:45:27 ----D---- C:\Users\Patterson\AppData\Roaming\Malwarebytes
2010-03-13 14:45:21 ----D---- C:\ProgramData\Malwarebytes
2010-03-13 14:45:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-12 04:01:30 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-12 04:01:29 ----A---- C:\Windows\system32\httpapi.dll
2010-03-11 17:05:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-11 17:05:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-28 15:31:15 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-23 18:59:04 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 18:58:48 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 18:58:47 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 18:58:42 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 18:58:42 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 18:58:42 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 18:58:42 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 18:58:42 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 18:58:42 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 18:58:41 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 18:58:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-23 18:58:37 ----A---- C:\Windows\system32\gameux.dll
2010-02-23 18:58:37 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-20 16:42:53 ----D---- C:\Program Files\Common Files\DivX Shared
2010-02-14 19:34:34 ----SHD---- C:\$RECYCLE.BIN
2010-02-14 19:34:32 ----D---- C:\Windows\temp
2010-02-14 19:34:31 ----A---- C:\ComboFix.txt
2010-02-14 19:25:43 ----A---- C:\Windows\zip.exe
2010-02-14 19:25:43 ----A---- C:\Windows\SWSC.exe
2010-02-14 19:25:43 ----A---- C:\Windows\SWREG.exe
2010-02-14 19:25:43 ----A---- C:\Windows\sed.exe
2010-02-14 19:25:43 ----A---- C:\Windows\PEV.exe
2010-02-14 19:25:43 ----A---- C:\Windows\NIRCMD.exe
2010-02-14 19:25:43 ----A---- C:\Windows\MBR.exe
2010-02-14 19:25:43 ----A---- C:\Windows\grep.exe
2010-02-14 19:25:37 ----D---- C:\Windows\ERDNT
2010-02-14 19:25:05 ----D---- C:\Qoobox
2010-02-14 19:24:48 ----A---- C:\Windows\SWXCACLS.exe
2010-02-14 18:54:38 ----D---- C:\Program Files\TrendMicro
2010-02-11 21:21:25 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 21:21:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 21:21:25 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 21:21:25 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 21:21:24 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 21:21:24 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 21:21:24 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 21:21:24 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 21:21:24 ----A---- C:\Windows\system32\avifil32.dll
2010-02-08 23:50:55 ----D---- C:\ProgramData\FLEXnet
2010-02-08 23:50:15 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-02-08 23:49:52 ----D---- C:\ProgramData\Rosetta Stone
2010-02-01 20:10:30 ----A---- C:\Windows\unvise32.exe
2010-02-01 20:09:17 ----D---- C:\Program Files\The Rosetta Stone
2010-01-21 15:30:38 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 15:30:37 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 15:30:36 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 15:30:34 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 15:30:33 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 15:30:32 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 15:30:32 ----A---- C:\Windows\system32\ieencode.dll
2010-01-21 15:30:31 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-13 14:41:45 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 14:41:45 ----A---- C:\Windows\system32\fontsub.dll
2010-01-06 12:36:23 ----D---- C:\Windows\pss
======List of files/folders modified in the last 3 months======
2010-03-21 11:27:26 ----D---- C:\Windows\Prefetch
2010-03-21 11:27:12 ----RD---- C:\Program Files
2010-03-21 10:40:54 ----SHD---- C:\System Volume Information
2010-03-18 18:47:28 ----D---- C:\Users\Patterson\AppData\Roaming\EndNote
2010-03-16 17:46:26 ----SHD---- C:\Windows\Installer
2010-03-16 17:46:26 ----D---- C:\ProgramData
2010-03-16 17:46:26 ----D---- C:\Program Files\Google
2010-03-16 17:46:26 ----D---- C:\Config.Msi
2010-03-16 17:46:14 ----D---- C:\Program Files\uTorrent
2010-03-16 17:46:13 ----D---- C:\Users\Patterson\AppData\Roaming\uTorrent
2010-03-16 02:31:49 ----D---- C:\$AVG8.VAULT$
2010-03-15 09:51:37 ----D---- C:\Windows\System32
2010-03-15 09:51:37 ----D---- C:\Windows\inf
2010-03-15 09:51:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-13 20:26:59 ----D---- C:\Windows\system32\drivers
2010-03-13 20:26:59 ----D---- C:\Windows\Microsoft.NET
2010-03-12 04:33:34 ----D---- C:\Windows\winsxs
2010-03-12 04:23:22 ----D---- C:\Windows\system32\catroot
2010-03-12 04:23:18 ----D---- C:\Windows\system32\catroot2
2010-03-12 04:20:58 ----D---- C:\Program Files\Windows Mail
2010-03-12 04:20:58 ----D---- C:\Program Files\Movie Maker
2010-03-12 04:05:20 ----D---- C:\ProgramData\Microsoft Help
2010-03-02 00:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 04:35:25 ----D---- C:\Windows\rescache
2010-02-24 04:18:00 ----D---- C:\Windows\system32\en-US
2010-02-24 04:17:44 ----RSD---- C:\Windows\Fonts
2010-02-24 04:17:44 ----D---- C:\Windows\AppPatch
2010-02-20 16:43:03 ----D---- C:\Program Files\DivX
2010-02-20 16:42:53 ----D---- C:\Program Files\Common Files
2010-02-18 08:13:21 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 18:08:40 ----D---- C:\Users\Patterson\AppData\Roaming\Mozilla
2010-02-14 19:34:32 ----D---- C:\Windows
2010-02-14 19:32:39 ----A---- C:\Windows\system.ini
2010-02-14 18:54:40 ----SD---- C:\Users\Patterson\AppData\Roaming\Microsoft
2009-12-25 12:33:54 ----D---- C:\Users\Patterson\AppData\Roaming\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-12 108552]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-07-11 10216]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2009-02-10 82320]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-24 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-06-27 68608]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-06-20 46592]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-01-24 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-06-09 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-24 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-24 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-03 2377216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2149912]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-12-10 47360]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-09 181560]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-24 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-27 310272]
S3 catchme;catchme; \??\C:\Users\PATTER~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-06-06 131000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 RtkAudioService;Realtek Audio Service; C:\Windows\RtkAudioService.exe [2008-07-03 104992]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2008-07-15 182112]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-01-24 386560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-08 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2008-05-20 53248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2008-05-20 53248]
S3 RMWPService;RMWPService; C:\Program Files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-28 20537]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2008-05-20 77824]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
==========================================
RSIT info.txt:
info.txt logfile of random's system information tool 1.06 2010-03-21 11:27:37
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9973498D-EA29-4A68-BE0B-C88D6E03E928}\Setup.exe" -l0x9
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Click to Disc Editor-->C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x0409
Click to Disc-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0009 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.2.3.81-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Talk Plugin-->MsiExec.exe /I{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}
GPSU version 5.01-->"C:\Program Files\GPS Utility\unins000.exe"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{67E03279-F703-408F-B4BF-46B5FC8D70CD}
Mozilla Firefox (3.5.
-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenMG Secure Module 5.1.00-->C:\Program Files\InstallShield Installation Information\{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}\IS_Setup.exe -l0x0409 /z"UNINSTALL"
OpenOffice.org 2.2-->MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Reference Manager 12 Professional Edition-->MsiExec.exe /I{8BCAC105-C501-41F9-AED1-587024ABCA8C}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Setting Utility Series-->"C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0009 -removeonly
Skype™ 3.8-->MsiExec.exe /I{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
SURsoft-->MsiExec.exe /I{84F85593-56B2-445F-B487-7AE9D59ADF6E}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Rosetta Stone-->C:\Windows\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
UltraISO Premium V9.33-->"C:\Program Files\UltraISO\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{FE697886-F392-4E0D-A0C0-47587BF60992}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{CB8A8696-93EC-414E-A752-850AB133F68A}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->"C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Data Restore Tool-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO DVD Menu Data Basic-->C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service-->"C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F839384-6AB0-449B-8772-25E607036357}\setup.exe" -l0x9 -removeonly
VAIO Launcher-->"C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Media plus-->"C:\Program Files\InstallShield Installation Information\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO MusicBox Sample Music-->"C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO MusicBox-->"C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO My Memory Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}\setup.exe" -l0x9 -removeonly
VAIO OOBE and Welcome Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\setup.exe" -l0x9 -removeonly
VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Power Management-->"C:\Program Files\InstallShield Installation Information\{5F5867F0-2D23-4338-A206-01A76C823924}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Presentation Support-->"C:\Program Files\InstallShield Installation Information\{2018C019-30D9-4240-8C01-0865C10DCF5A}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Survey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34B37A74-125E-4406-87BA-E4BD3D097AE5}\setup.exe" -l0x9 -removeonly
VAIO Update 4-->"C:\Program Files\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Wallpaper Contents-->"C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Patterson-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 50732
Source Name: Microsoft-Windows-Servicing
Time Written: 20090703071008.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Patterson-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 50700
Source Name: Microsoft-Windows-Servicing
Time Written: 20090703071008.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Patterson-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 50695
Source Name: Microsoft-Windows-Servicing
Time Written: 20090703071008.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Patterson-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 50692
Source Name: Microsoft-Windows-Servicing
Time Written: 20090703071008.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Patterson-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 50688
Source Name: Microsoft-Windows-Servicing
Time Written: 20090703071008.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Patterson-PC
Event Code: 7
Message:
Record Number: 1057
Source Name: VzCdbSvc
Time Written: 20081205200150.000000-000
Event Type: Error
User:
Computer Name: Patterson-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 1055
Source Name: Microsoft-Windows-WMI
Time Written: 20081205200141.000000-000
Event Type: Error
User:
Computer Name: Patterson-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 1049
Source Name: Microsoft-Windows-Search
Time Written: 20081205200126.000000-000
Event Type: Warning
User:
Computer Name: WIN-USCFVEAEHCL
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 1040
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20081205194728.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: WIN-USCFVEAEHCL
Event Code: 7
Message:
Record Number: 1036
Source Name: VzCdbSvc
Time Written: 20081205194551.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: WIN-USCFVEAEHCL
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: WIN-USCFVEAEHCL$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1431
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080927060134.277144-000
Event Type: Audit Success
User:
Computer Name: WIN-USCFVEAEHCL
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1430
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080927060133.980744-000
Event Type: Audit Success
User:
Computer Name: WIN-USCFVEAEHCL
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: WIN-USCFVEAEHCL$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1429
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080927060133.980744-000
Event Type: Audit Success
User:
Computer Name: WIN-USCFVEAEHCL
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: WIN-USCFVEAEHCL$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1428
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080927060133.980744-000
Event Type: Audit Success
User:
Computer Name: WIN-USCFVEAEHCL
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-200401781-1598012286-3914482135-500
Account Name: Administrator
Domain Name: WIN-USCFVEAEHCL
Logon ID: 0x5460f
Record Number: 1427
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080927060124.480344-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
-----------------EOF-----------------
==========================================
GMER text:
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-03-21 12:13:50
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\PATTER~1\AppData\Local\Temp\uftyquoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\nhfygjyh.sys The system cannot find the path specified. !
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A57817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74AAA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A5BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A4F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A4E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A88395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A5DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A4FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A4FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74ADCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A7C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A4D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A46853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A4687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A52AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
======================================================
Thanks so much for your help.