Posts posted by Sha
-
-
My music seems to be playing a lot better now. It was jumping constantly before, does not seem to do that now.
I will continue to observe it as I use it more.
-
MBAM log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.23.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sasha Gilby :: SHA [administrator]
23/06/2012 9:46:47 PM
mbam-log-2012-06-23 (21-46-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200510
Time elapsed: 7 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi Maurice,
I have completed all the other steps and attach the logs below:
aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 20:24:14
-----------------------------
20:24:14.390 OS Version: Windows 5.1.2600 Service Pack 3
20:24:14.390 Number of processors: 1 586 0x5F02
20:24:14.390 ComputerName: SHA UserName:
20:24:15.078 Initialize success
20:51:41.015 AVAST engine defs: 12062200
20:58:29.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
20:58:29.390 Disk 0 Vendor: WDC_WD800JD-22MSA1 10.01E01 Size: 76319MB BusType: 3
20:58:29.390 Disk 0 MBR read successfully
20:58:29.390 Disk 0 MBR scan
20:58:29.421 Disk 0 Windows XP default MBR code
20:58:29.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
20:58:29.421 Disk 0 scanning sectors +156296385
20:58:29.500 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:45.703 Service scanning
20:59:02.515 Modules scanning
20:59:08.078 Scan finished successfully
20:59:37.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sasha Gilby\Desktop\MBR.dat"
20:59:37.281 The log file has been saved successfully to "C:\Documents and Settings\Sasha Gilby\Desktop\aswMBR.txt"
-
Hi Maurice,
I have tried three times now to run the Dr Web scan - each time it has 'encountered an error' and has had to close.
What would you like me to do?
-
I have gone ahead and reactivated Spybot's Teatimer and AVG.
Please let me know if I'm to keep these deactivated.
Cheers

-
TDSSKiller log:
17:27:24.0500 2788 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:27:25.0531 2788 ============================================================
17:27:25.0531 2788 Current date / time: 2012/06/22 17:27:25.0531
17:27:25.0531 2788 SystemInfo:
17:27:25.0531 2788
17:27:25.0531 2788 OS Version: 5.1.2600 ServicePack: 3.0
17:27:25.0531 2788 Product type: Workstation
17:27:25.0531 2788 ComputerName: SHA
17:27:25.0531 2788 Windows directory: C:\WINDOWS
17:27:25.0531 2788 System windows directory: C:\WINDOWS
17:27:25.0531 2788 Processor architecture: Intel x86
17:27:25.0531 2788 Number of processors: 1
17:27:25.0531 2788 Page size: 0x1000
17:27:25.0531 2788 Boot type: Normal boot
17:27:25.0531 2788 ============================================================
17:27:27.0265 2788 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:27:27.0265 2788 ============================================================
17:27:27.0265 2788 \Device\Harddisk0\DR0:
17:27:27.0265 2788 MBR partitions:
17:27:27.0265 2788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
17:27:27.0265 2788 ============================================================
17:27:27.0562 2788 C: <-> \Device\Harddisk0\DR0\Partition0
17:27:27.0562 2788 ============================================================
17:27:27.0562 2788 Initialize success
17:27:27.0562 2788 ============================================================
17:27:45.0703 2080 ============================================================
17:27:45.0703 2080 Scan started
17:27:45.0703 2080 Mode: Manual;
17:27:45.0703 2080 ============================================================
17:27:57.0531 2080 TermDD - ok
17:27:57.0562 2080 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:27:57.0562 2080 TermService - ok
17:27:57.0593 2080 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:27:57.0609 2080 Themes - ok
17:27:57.0609 2080 TosIde - ok
17:27:57.0640 2080 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:27:57.0640 2080 TrkWks - ok
17:27:57.0671 2080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:27:57.0687 2080 Udfs - ok
17:27:57.0687 2080 ultra - ok
17:27:57.0750 2080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:27:57.0765 2080 Update - ok
17:27:57.0781 2080 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:27:57.0781 2080 upnphost - ok
17:27:57.0812 2080 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:27:57.0812 2080 UPS - ok
17:27:57.0859 2080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:27:57.0859 2080 USBAAPL - ok
17:27:57.0921 2080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:27:57.0921 2080 usbccgp - ok
17:27:57.0953 2080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:27:57.0953 2080 usbehci - ok
17:27:57.0968 2080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:27:57.0968 2080 usbhub - ok
17:27:58.0000 2080 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:27:58.0000 2080 usbohci - ok
17:27:58.0015 2080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:27:58.0015 2080 usbscan - ok
17:27:58.0046 2080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:27:58.0046 2080 USBSTOR - ok
17:27:58.0078 2080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:27:58.0078 2080 VgaSave - ok
17:27:58.0078 2080 ViaIde - ok
17:27:58.0093 2080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:27:58.0093 2080 VolSnap - ok
17:27:58.0156 2080 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:27:58.0187 2080 VSS - ok
17:27:58.0375 2080 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
17:27:58.0437 2080 vToolbarUpdater11.1.0 - ok
17:27:58.0500 2080 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:27:58.0515 2080 W32Time - ok
17:27:58.0578 2080 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
17:27:58.0625 2080 W8335XP - ok
17:27:58.0671 2080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:27:58.0671 2080 Wanarp - ok
17:27:58.0734 2080 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:27:58.0765 2080 Wdf01000 - ok
17:27:58.0781 2080 WDICA - ok
17:27:58.0796 2080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:27:58.0812 2080 wdmaud - ok
17:27:58.0859 2080 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:27:58.0859 2080 WebClient - ok
17:27:58.0968 2080 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:27:58.0968 2080 winmgmt - ok
17:27:59.0015 2080 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:27:59.0031 2080 WmdmPmSN - ok
17:27:59.0062 2080 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:27:59.0078 2080 WmiApSrv - ok
17:27:59.0171 2080 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:27:59.0187 2080 WMPNetworkSvc - ok
17:27:59.0203 2080 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:27:59.0203 2080 WpdUsb - ok
17:27:59.0234 2080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:27:59.0234 2080 WS2IFSL - ok
17:27:59.0281 2080 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:27:59.0296 2080 wscsvc - ok
17:27:59.0343 2080 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:27:59.0359 2080 wuauserv - ok
17:27:59.0406 2080 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:27:59.0421 2080 WudfPf - ok
17:27:59.0437 2080 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:27:59.0453 2080 WudfRd - ok
17:27:59.0500 2080 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
17:27:59.0500 2080 WudfSvc - ok
17:27:59.0562 2080 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:27:59.0562 2080 WZCSVC - ok
17:27:59.0609 2080 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:27:59.0625 2080 xmlprov - ok
17:27:59.0640 2080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:27:59.0984 2080 \Device\Harddisk0\DR0 - ok
17:27:59.0984 2080 Boot (0x1200) (86694bad516a94c6930ce71b6445749b) \Device\Harddisk0\DR0\Partition0
17:27:59.0984 2080 \Device\Harddisk0\DR0\Partition0 - ok
17:28:00.0000 2080 ============================================================
17:28:00.0000 2080 Scan finished
17:28:00.0000 2080 ============================================================
17:28:00.0000 3456 Detected object count: 0
17:28:00.0000 3456 Actual detected object count: 0
-
RogueKiller log:
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Sasha Gilby [Admin rights]
Mode: DNSFix -- Date: 06/22/2012 17:21:25
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> REPLACED ()
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Rogue Killer log:
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Sasha Gilby [Admin rights]
Mode: Scan -- Date: 06/21/2012 18:58:54
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-22MSA1 +++++
--- User ---
[MBR] 5f426c0572073d7237873973cb24ba4d
[bSP] b01414c07720749cd4e923148626ee4f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Bitdefender report:
QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Thu Jun 21 18:55:19 2012
Machine ID: A8DA4102
No infection found.
-------------------
Processes
---------
Rainlendar2 432 C:\Program Files\Rainlendar2\Rainlendar2.exe
Audio Control Panel 2204 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
AVG Internet Security 684 C:\Program Files\AVG\AVG8\avgcsrvx.exe
AVG Internet Security 220 C:\Program Files\AVG\AVG8\avgrsx.exe
AVG Internet Security 1264 C:\PROGRA~1\AVG\AVG8\avgemc.exe
AVG Internet Security 3796 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
AVG Internet Security 3236 C:\PROGRA~1\AVG\AVG8\avgtray.exe
AVG Internet Security 1736 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Bonjour 1760 C:\Program Files\Bonjour\mDNSResponder.exe
CwService 1868 C:\WINDOWS\system32\FsUsbExService.Exe
Device Error Recovery SDK 1808 C:\WINDOWS\system32\dgdersvc.exe
distnoted 2728 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
Firefox 3144 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 3748 C:\Program Files\Mozilla Firefox\plugin-container.exe
iTunes 228 C:\Program Files\iPod\bin\iPodService.exe
iTunes 2808 C:\Program Files\iTunes\iTunes.exe
iTunes 2516 C:\Program Files\iTunes\iTunesHelper.exe
Java Platform SE 6 U29 288 C:\Program Files\Java\jre6\bin\jqs.exe
Java Platform SE Auto Updater 2 0 3676 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies TrayAgent 3232 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 2704 C:\WINDOWS\system32\wscntfy.exe
MobileDeviceHelper 3280 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
MobileDeviceService 1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NetgearCUv2 Application 1784 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
NetgearCUv2 Application 904 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
NetgearCUv2 Application 3860 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
NVIDIA Driver Helper Service, Version 9 420 C:\WINDOWS\system32\nvsvc32.exe
QuickTime 2388 C:\Program Files\QuickTime\QTTask.exe
SMax4PNP Application 1252 C:\Program Files\Analog Devices\Core\smax4pnp.exe
TeaTimer.exe 2676 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ToolbarU Application 248 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
VProtect Application 3000 C:\Program Files\AVG Secure Search\vprot.exe
weather_tracker.exe 2796 C:\Program Files\Weatherzone Tracker\weather_tracker.exe
Windows Live Messenger 3376 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(verified) GoogleToolbarNotifier 3320 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2276 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 736 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3220 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 664 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 572 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1360 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2776 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 876 C:\Program Files\Internet Explorer\iexplore.exe
Network activity
----------------
Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 74.125.237.101
Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 118.215.223.139
Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 74.125.237.101
Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 119.252.92.8
Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 119.252.92.8
Process iexplore.exe (876) listens on ports: 2921
Process svchost.exe (1052) listens on ports: 135 (RPC)
Process iTunes.exe (2808) listens on ports: 3689 (iTunes)
Autoruns and critical files
---------------------------
Rainlendar2 C:\Program Files\Rainlendar2\Rainlendar2.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Audio Control Panel C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe
AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies TrayAgent C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\HDAShCut.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ssstars.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
nwiz.exe C:\WINDOWS\system32\nwiz.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
ROC_roc_dec12.exe C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe
SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
VProtect Application C:\Program Files\AVG Secure Search\vprot.exe
weather_tracker.exe C:\Program Files\Weatherzone Tracker\weather_tracker.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files\avg\avg8\avgssie.dll
AVG Secure Search c:\program files\avg secure search\11.1.0.7\avg secure search_toolbar.dll
AVG SiteSafety plugin C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx
Facebook Plugin C:\Documents and Settings\Sasha Gilby\Application Data\Facebook\npfbplugin_1_0_3.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
Grab Pro C:\Program Files\Orbitdownloader\GrabPro.dll
Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll
Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java Platform SE 6 U29 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_11_3_300_257.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
Orbitcth c:\program files\orbitdownloader\orbitcth.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) RealPlayer Version Plugin C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
(verified) RealPlayer G2 LiveConnect-Enabled P C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
Missing files
-------------
File not found: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Adobe Reader Speed Launcher"
Scan
----
MD5: 16c1297d836ad87a53dd6ab69bc7b570 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 3de755a30d131be8671a638d5c0e898d C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: a013b3ad1626c27fdccbe27f9eac3d7a C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: c09ac580bf42e84b0cb3f2fa73382fef C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: a0f448a3aedad420b13866355f538b61 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 9f58b16676ff68ab0ffc618078f83725 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 2cc8aa20e1132b362daac938098a7d2e C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: 3e4fc76314f0dd59946552d0b19bcc2b C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 06d12d2cc88f7c6228f28bac0aa9b716 C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: a4c78c8ba7afc2b5c7b4581e8796c63d C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 346644d82e19dada9934504025bfa5cb C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 41623176fef9df3c113eaadadbb5fb42 C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 47aff25b68ce4885fec6cfdef8febb5c C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
MD5: 62593d2afec7c88a61c0858c9c4e6c6e C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 8ea5e15de69c2acb292b1d48f00de031 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: 11e885d7336bd50f3abbf0e3a5fde894 C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 6d1a6c5a5d05d230c9d90c77f1a48ac2 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 86f963944a1badd1cfbc66f54e7583f1 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 15d5398eed42c2504bb3d4fc875c15d1 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 3a42d0b282e2e77bb0ae744f38d1e19d C:\Program Files\NETGEAR\WG311v3\AutoLinkLib.dll
MD5: adb6233be83e049d3831de09f1aa7dde C:\Program Files\NETGEAR\WG311v3\DNSAPI.dll
MD5: 2241b7da7259258cdcfc6d7e10c873f6 C:\Program Files\NETGEAR\WG311v3\Mrv8000x.dll
MD5: cb21d826d9c39aed19dd431c1880f5de C:\Program Files\NETGEAR\WG311v3\MSVCP60.dll
MD5: 39611ab3dbb77e642c34f7d059a268e1 C:\Program Files\NETGEAR\WG311v3\odSupp_M.dll
MD5: b0136786e9007fdf765126329787b454 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
MD5: b0136786e9007fdf765126329787b454 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
MD5: 275b68a6752431ce56ec832f3e79caa9 C:\Program Files\NETGEAR\WG311v3\WlanDll.dll
MD5: 0581b85449ec91d1a62d5ad6679d4b69 C:\Program Files\Orbitdownloader\GrabKernel.dll
MD5: a1dc47dc80208724eebe1d0a59a9c59b C:\Program Files\Orbitdownloader\GrabPro.dll
MD5: 3f58187898dba479fd32d29ff7fc2e75 c:\program files\orbitdownloader\orbitcth.dll
MD5: 697d59591bfc78a0d054f0753231151b C:\Program Files\Orbitdownloader\winfile.dll
MD5: 2d841b7b7f6dec32162edfcc69d61f42 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
MD5: 8b4202ecc10d4868476fc0d62c3c0dcd C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
MD5: b4128e08c7fcb87f18c110728f326b88 C:\Program Files\QuickTime\QTSystem\QTCF.dll
MD5: e58ce86d472613a7b8b76a5b9efe51e5 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 29a6de9708f86cf5213890b0999b8f6f C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
MD5: f25e5e8e54b8b66f1adf931e7540c6f1 C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
MD5: f7b437e5c2325ffd0277775415db74c6 C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
MD5: d35d47479d7697a4ecd62d586e45da7d C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
MD5: 5eb3889c5456fe592caea9ca90e43c45 C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
MD5: e54453e9db76979c3008a59316fe53cf C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
MD5: 0e23252e5ae79967ce04eccdda405d81 C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
MD5: ac8f76f0598cbc24158537342be7b067 C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
MD5: 3c82c80920050798882882cbf3efd890 C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
MD5: df5a141d3db468207b6b70b2ad122df1 C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
MD5: 385ec86178a37edec44717a86a89783e C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
MD5: 46c62c86c5b96a8fc0eea6c7c027e55d C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
MD5: 4b7bdf1690a7468aded10836ee6b5825 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
MD5: 418edb0df655f2152ca9d9855e8500bc C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
MD5: 5891edf65ef6396306958e80cc2e9f26 C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
MD5: a6660592449f734ee731aca01bf06150 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
MD5: 7a29400b93a74bf55ea14e8164abc788 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
MD5: b68b7f53f6c7d4705e7f0b8fd4a57e9a C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files\QuickTime\QTTask.exe
MD5: 6b573665742f856b0b9f6c1491dc548d C:\Program Files\Rainlendar2\lfs.dll
MD5: fc3235064d4b19910930512d47d6e947 C:\Program Files\Rainlendar2\libcurl.dll
MD5: aaf99ba73e239c9119dc3c3da1a8eeed C:\Program Files\Rainlendar2\LIBEAY32.dll
MD5: 010ca1ba52b7608e4fec2fe02a7e11a8 C:\Program Files\Rainlendar2\lua51.dll
MD5: 966fe4f82237e86cf541ba4db389b367 C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MD5: 98635ded2d7d265110fc861abd75c344 C:\Program Files\Rainlendar2\Rainlendar2.exe
MD5: e7a8309150177c01738407fc2a1915c3 C:\Program Files\Rainlendar2\SSLEAY32.dll
MD5: 952a224b34bab4517d18087589ff2aba C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MD5: 4048115ca3cdd87b59bf2eabc2b52204 C:\Program Files\Weatherzone Tracker\weather_tracker.exe
MD5: 488052996d1278dab0f2c7dcbe51ef46 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
MD5: f11fe030158f8ef14a56a3ea9e9bd47d C:\Program Files\WinRAR\rarext.dll
MD5: df53d3b6c154c94d89102e81e600f906 C:\PROGRA~1\AVG\AVG8\avgtray.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: 64416c6e07606720c1ece6dd374bdffd C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: 367465dd8e2bffe4c5477c86c8217e8c C:\WINDOWS\system32\dgderapi.dll
MD5: 10b8f89d146d0e20b1284d47bb4ec6c9 C:\WINDOWS\system32\dgdersvc.exe
MD5: 1bd976dd77b31fe0f25708ad5c1351ae C:\WINDOWS\system32\DIFXAPI.dll
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll
MD5: d392183cc5379e302e50ceba635248eb C:\WINDOWS\system32\drivers\ADIHdAud.sys
MD5: 9f59ae2de835641fbb0c6afd80d8fa9b C:\WINDOWS\system32\drivers\AEAudio.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 59301936898ae62245a6f09c0aba9475 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
MD5: 3c4b9850a2631c2263507400d029057b C:\WINDOWS\system32\DRIVERS\atksgt.sys
MD5: 92d8e1e8502e649b60e70074eb29c380 C:\WINDOWS\System32\Drivers\avgtdix.sys
MD5: 3be1651c63954067940e7f473498ad70 C:\WINDOWS\System32\drivers\dgderdrv.sys
MD5: f58d2900c66a1e773e3375098e0e9337 C:\WINDOWS\system32\drivers\HdAudio.sys
MD5: 4127e8b6ddb4090e815c1f8852c277d3 C:\WINDOWS\system32\DRIVERS\lirsgt.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: ba1b732c1a70cfea0c1b64f2850bf44f C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: 75da3510f311db3ba72378352ef848be C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
MD5: 84c71701fcea84d7f03e61039fe41b4a C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
MD5: fd2041e9ba03db7764b2248f02475079 C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
MD5: f22e6dd1d2cf71b77119eead1b3fc79d C:\WINDOWS\system32\drivers\Senfilt.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 6d83ff6722baf7e82a4521dbec363e5a C:\WINDOWS\system32\DRIVERS\ssadbus.sys
MD5: 5ae42e90f99749e0e35b9989a2d0275c C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
MD5: 9285d8aba50a4d6482b1574448f9eb76 C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
MD5: 83cafcb53201bbac04d822f32438e244 C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: 7455b3c11a1d6a844b53febdb58646e9 C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll
MD5: b07663a810e861eebfd0eac7e82ca62d C:\WINDOWS\system32\FsUsbExDisk.SYS
MD5: f96c429788350db4ba6771c3034dfd88 C:\WINDOWS\system32\FsUsbExService.Exe
MD5: 21c8a24455fdafc9d6d8bcd38d62b10b C:\WINDOWS\system32\HDAShCut.exe
MD5: 3618313f7dfb605571a48fcf55d7868f C:\WINDOWS\system32\ieframe.dll
MD5: d9ee4442a74dd7d65d1bcfff4e37be96 C:\WINDOWS\system32\iepeers.dll
MD5: ad850c33a8ac45cf66574e62d1645272 C:\WINDOWS\system32\iertutil.dll
MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll
MD5: 57aa18b2896055e8cb269b19dd85e7f3 C:\WINDOWS\system32\inetcomm.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: c0ba72929738685dbd714907733f2335 C:\WINDOWS\system32\jsproxy.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: f3cd7b20b27d1772c946df993ff3635c C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: c25b91466d8c383299e9e2023f8f7a5a C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\system32\MFC42u.DLL
MD5: 415cea6eafa521f0a3b3d9ebf5fe546b C:\WINDOWS\system32\MrvGINA.dll
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: 3d811bf538d6f359735d757c94f484b6 C:\WINDOWS\system32\msdbg2.dll
MD5: fdf8cf2cb78754d634d6228e12d65aa2 C:\WINDOWS\system32\msfeeds.dll
MD5: 886b62a906b3967cbbf0fd2c833a30bf C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: a007278ec9d59216274dd0154ff0bbaa C:\WINDOWS\system32\nvapi.dll
MD5: c1ea489dd8b5e57b03e2fd5a1500621b C:\WINDOWS\system32\NvCpl.dll
MD5: 1ff171fbaf6e5a29c07b1f8d318b607a C:\WINDOWS\system32\NvMcTray.dll
MD5: 0febe37db6650faa5965c00545009d1d C:\WINDOWS\system32\nvsvc32.exe
MD5: 0294e2a5e89bf786f24a9cc2fd753191 C:\WINDOWS\system32\nwiz.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: 34ffb6aba2da398bb33422e1e9275ba9 C:\WINDOWS\system32\quartz.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: ff257ccca321cd2a697bb5ca38c9ec87 C:\WINDOWS\system32\SCARDDLG.dll
MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 0e3605a5e7c23f1139c5c448e1eaf494 C:\WINDOWS\system32\shimgvw.dll
MD5: 29b6a85a733abe65b371023f790b2599 C:\WINDOWS\system32\shmedia.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 200c3f8e80b72b63558b3bc47a6807a0 C:\WINDOWS\system32\slbcsp.dll
MD5: 421b2f81cbb65f94a70a3316c7be0e7c C:\WINDOWS\system32\SlbIop.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 86984e591641191236033d2a4d80ed56 C:\WINDOWS\system32\ssstars.scr
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll
MD5: fdf44991cb9a33c901ffcbdf19ce95be C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll
MD5: 6b1774334e2975aa60596e54f5ea1430 C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 95f5c420e9bdd4c3569602911420a774 C:\WINDOWS\system32\WINTRUST.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll
No file uploaded.
Scan finished - communication took 6 sec
Total traffic - 0.01 MB sent, 1.22 KB recvd
Scanned 780 files and modules - 70 seconds
==============================================================================
-
Checkup.txt:
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Free 8.5
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java 6 Update 29
Java 2 Runtime Environment, SE v1.4.2_15
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 32% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
-
info.txt:
info.txt logfile of random's system information tool 1.09 2012-06-21 18:42:17
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 9.5.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Doremi FLV to MP3 Converter 1.6-->C:\Program Files\Doremisoft\DoremiSoft Flv to MP3 Converter\uninst.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}
Java 2 Runtime Environment, SE v1.4.2_15-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kies-->"C:\Program Files\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\Setup.exe" -runfromtemp -l0x0409 -removeonly
Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}
K-Lite Mega Codec Pack 4.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NETGEAR WG311v3 PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{70014586-7BBA-4A92-A610-CDC896C48F8F}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
OutlookAddInNet3Setup-->MsiExec.exe /I{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}
PC Connectivity Solution-->MsiExec.exe /I{089DD780-DB3F-4CDB-A0C2-111360247298}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sims2Pack Clean Installer -->C:\Program Files\Sims2Pack Clean Installer\uninstall.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
THE SETTLERS - Rise of an Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Mansion and Garden Stuff-->C:\Program Files\EA GAMES\The Sims 2 Mansion and Garden Stuff\EAUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676-v2)-->"C:\WINDOWS\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Weatherzone Tracker v2.04-->"C:\Program Files\Weatherzone Tracker\unins000.exe"
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Worms2-->C:\WINDOWS\IsUninst.exe -fC:\Team17\Worms2\Uninst.isu
======Hosts File======
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: SHA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00146CC32B1A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 73969
Source Name: Dhcp
Time Written: 20120512201053.000000+480
Event Type: warning
User:
Computer Name: SHA
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00146CC32B1A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 73856
Source Name: Dhcp
Time Written: 20120511171239.000000+480
Event Type: warning
User:
Computer Name: SHA
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
Record Number: 73811
Source Name: Print
Time Written: 20120510211744.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHA
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.
Record Number: 73810
Source Name: Print
Time Written: 20120510211742.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHA
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.
Record Number: 73809
Source Name: Print
Time Written: 20120510211742.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: SHA
Event Code: 1002
Message: Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 2187
Source Name: Application Hang
Time Written: 20120123171636.000000+480
Event Type: error
User:
Computer Name: SHA
Event Code: 1002
Message: Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 2186
Source Name: Application Hang
Time Written: 20120123171636.000000+480
Event Type: error
User:
Computer Name: SHA
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Record Number: 2038
Source Name: ASP.NET 2.0.50727.0
Time Written: 20120111220758.000000+480
Event Type: warning
User:
Computer Name: SHA
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Record Number: 1137
Source Name: ASP.NET 2.0.50727.0
Time Written: 20111013225001.000000+480
Event Type: warning
User:
Computer Name: SHA
Event Code: 1002
Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 1080
Source Name: Application Hang
Time Written: 20111009131443.000000+480
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
-
Hi Maurice,
Thank you for your reply and your assistance; it is much appreciated.
I have done all you have asked and the logs are below:
Log.txt:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Sasha Gilby at 2012-06-21 18:41:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 1535 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:10 PM, on 21/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Sasha Gilby\Desktop\Dropper\RSIT.exe
C:\Program Files\trend micro\Sasha Gilby.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194700741281
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
--
End of file - 11950 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Sasha Gilby\Application Data\Mozilla\Firefox\Profiles\ew3p7oej.default
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, avg@igeared:7.005.030.004, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4cc6b5c1&v=7.005.030.004&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@igeared"=C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npqtplugin8.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Documents and Settings\Sasha Gilby\Application Data\Mozilla\Firefox\Profiles\ew3p7oej.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2012-04-20 241448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-12 2068536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-13 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2012-04-20 696000]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-12 2068536]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-23 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-23 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2011-10-18 2042208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-06-12 1104440]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe [2012-02-16 928096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-13 68856]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2011-02-18 3877888]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Weather Tracker3"=C:\Program Files\Weatherzone Tracker\weather_tracker.exe [2009-07-17 2888403]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-10-27 3365176]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG311v3 Smart Wizard.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe
C:\Documents and Settings\Sasha Gilby\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x95000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java Web Start Launcher"
"C:\Documents and Settings\Sasha Gilby\Local Settings\Application Data\qnxwqtu\lnlyvx.exe"="C:\Documents and Settings\Sasha Gilby\Local Settings\Application Data\qnxwqtu\lnlyvx.exe:*:Disabled:lnlyvx"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Documents and Settings\Sasha Gilby\Desktop\WORMS2\START.EXE"="C:\Documents and Settings\Sasha Gilby\Desktop\WORMS2\START.EXE:*:Disabled:Worms 2 Frontend"
"C:\Team17\Worms2\frontend.exe"="C:\Team17\Worms2\frontend.exe:*:Disabled:Worms 2 Frontend"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.siren"=sirenacm.dll
"VIDC.MKVC"=KMVIDC32.DLL
======List of files/folders created in the last 1 month======
2012-06-21 18:41:35 ----D---- C:\Program Files\trend micro
2012-06-21 18:41:34 ----D---- C:\rsit
2012-06-17 21:03:43 ----A---- C:\WINDOWS\ntbtlog.txt
2012-06-14 22:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-14 22:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-14 22:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-05 22:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
======List of files/folders modified in the last 1 month======
2012-06-21 18:41:35 ----RD---- C:\Program Files
2012-06-21 18:41:25 ----D---- C:\WINDOWS\Prefetch
2012-06-21 18:38:53 ----D---- C:\WINDOWS\ERDNT
2012-06-21 18:38:38 ----D---- C:\Program Files\ERUNT
2012-06-21 17:54:08 ----D---- C:\Program Files\Mozilla Firefox
2012-06-21 17:52:23 ----D---- C:\WINDOWS\system32\drivers\Avg
2012-06-21 17:48:25 ----D---- C:\WINDOWS\Temp
2012-06-20 23:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-18 17:24:07 ----D---- C:\WINDOWS\system32\drivers
2012-06-18 17:21:50 ----HD---- C:\$AVG8.VAULT$
2012-06-17 23:01:36 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-17 21:32:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-06-17 21:03:43 ----D---- C:\WINDOWS
2012-06-17 20:58:54 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-17 14:51:44 ----SHD---- C:\WINDOWS\Installer
2012-06-17 14:51:43 ----SHD---- C:\Config.Msi
2012-06-17 14:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-06-17 14:50:15 ----D---- C:\WINDOWS\system32
2012-06-15 19:49:04 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-15 19:49:02 ----RSD---- C:\WINDOWS\assembly
2012-06-14 22:57:09 ----HD---- C:\WINDOWS\inf
2012-06-14 22:57:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-14 22:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-14 22:56:04 ----D---- C:\WINDOWS\WinSxS
2012-06-14 22:51:30 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-14 22:51:19 ----A---- C:\WINDOWS\imsins.BAK
2012-06-14 22:51:03 ----D---- C:\Program Files\Internet Explorer
2012-06-14 22:49:55 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-12 17:53:12 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-06-12 17:53:10 ----D---- C:\Program Files\AVG Secure Search
2012-06-12 17:53:08 ----D---- C:\WINDOWS\system32\cache
2012-06-12 17:53:04 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-06-12 16:55:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-05-31 21:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-15 108552]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-17 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-15 25416]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-09-06 18120]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-23 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-29 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-29 20480]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-10 393088]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-07 280576]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-07-20 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-07-20 121576]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-18 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-09-06 95568]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-09-06 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-23 159810]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-04 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-18 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
Hi all,
Yesterday I went out for a few hours and left a few browsers open. When I came home, all my browsers were gone. I tried to open Firefox but it didn't work. I then tried to open IE, AVG and every other icon on my desktop but none opened.
I then restarted in safe mode and was able to perform scans with AVG, Malwarebytes and Spybot S&D. Malwarebytes didn't find anything. Spybot found TrojansC-05 and C-02 under 'Search - Explorer'. AVG found 'registry key with reference to infected file C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe'. I was able to either heal or move these to the virus vault.
I then updated, restarted in normal mode and all applications ran as per usual.
I ran scans again this morning and 5 infected files were found during the scan. These have once again been moved to the vault. However, I don't feel like it is 100% clean as my computer is a bit slower than usual and music skips or jumps when I play it.
I have attached the DDS and Attach files.
DDS.txt Attach.txt
Any help on this would be greatly appreciated.
Cheers

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sasha Gilby at 18:32:10.45 on Mon 18/06/2012
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1535.557 [GMT 8:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Documents and Settings\Sasha Gilby\My Documents\Sasha\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Weather Tracker3] c:\program files\weatherzone tracker\weather_tracker.exe
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194700741281
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: {3E763E93-5FB7-4F64-B8D8-637FF83B2C71} = 195.242.208.40
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sashag~1\applic~1\mozilla\firefox\profiles\ew3p7oej.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b5c1&v=7.005.030.004&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\sasha gilby\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-11-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 297752]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-6 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-14 217088]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-6 18120]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-14 36640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 129976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-14 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-14 121576]
=============== Created Last 30 ================
2012-06-14 10:08:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
==================== Find3M ====================
2012-06-12 08:55:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2005-10-06 23:17:34 280576 -c--a-w- c:\windows\inf\wg311v3\WG311v3XP.sys
2005-10-06 23:17:34 280576 -c--a-w- c:\windows\inf\wg311v3\WG311v3.sys
2005-03-01 19:16:42 212992 -c--a-w- c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2007-06-11 11:22:16 8 -csh--r- c:\windows\system32\B0D02B64D7.sys
2007-07-10 12:23:13 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-17 00:56:04 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat
============= FINISH: 18:34:06.45 ===============
-
Thank you very much for all your help with this, Elise. It is greatly appreciated.
Cheers and have a great weekend!

-
Hi Elise,
Sorry for the late reply - I have not had the time to run this scan until now.
Please find attached the scan result:
Cheers

-
Hi Elise,
I have updated Java as per your instructions.
The PC seems to be working fine, no redirects have been occurring.
Have attached the log for you:
mbam-log-2012-02-13 (15-16-03).txt
Cheers!
-
Hi Elise,
Thank you for your reply and the help

Here is the log as requested:
I will hopefully be able to reply again today but if not, kindly keep this thread open. I will be going down south for the weekend but will be back Monday.
Cheers!
-
Hello,
I recently had two trojans discovered by AVG, which were removed. I was advised my system was clean again; however, today when I tried to search on Google, I was redirected to searchmilk.net every time. I tried different browsers but it still redirected my browser.
I ran scans on AVG again and also on Malwarebytes. Both reported no infections. I then ran Spybot Search & Destroy, which came up with a 'double click' infection.
This was cleaned and I can search on Google without being redirected.
I would, however, like confirmation from an expert if my PC is clean or needs further work.
DDS reports have been attached:
Any help would be greatly appreciated.
Thanks guys

-
Fantastic.
Thanks MrC, I'll give it a try and see how it performs.
I believe that is the extent of my queries for now.
Thank you again for all your help

-
Ok, that makes more sense now!
Would you honestly say PC Firewall Tools Plus is something better suited to someone who knows their way around a computer better (i.e. not me)?
I mean, I didn't even know that Scanfile is something my computer uses and after running it through the Virus scanner, the results didn't mean anything to me.
Cheers

-
Thanks Mrc

Can you please answer one question for me or point me in the right direction regarding firewall? I have always been told that you should only have one installed so as to not create conflict but many experts on here recommend using a firewall other than the default one by Windows. Is this not conflicting? Or would you suggest disabling the Windows firewall and using another program?
Any help or link would be appreciated

-
Ah, ok, thanks for the clarification on both those things

I think I'll keep them checked for the moment and if they get extremely irritating, I'll turn them off.
I appreciate your help with this - it has set my mind at ease now as I thought it was something serious.
Thank you for all your help, cheers and have a great day

-
Hi MrCharlie,
Thanks for your reply

I have uploaded it to the virus scanner. Here are the results:
File name: scanfile.exe
Submission date: 2011-02-22 02:00:08 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.172 2011.02.21 -
Antiy-AVL 2.0.3.7 2011.02.19 -
Avast 4.8.1351.0 2011.02.21 -
Avast5 5.0.677.0 2011.02.21 -
AVG 10.0.0.1190 2011.02.21 -
BitDefender 7.2 2011.02.22 -
CAT-QuickHeal 11.00 2011.02.21 -
ClamAV 0.96.4.0 2011.02.22 -
Commtouch 5.2.11.5 2011.02.22 -
Comodo 7766 2011.02.21 -
DrWeb 5.0.2.03300 2011.02.22 -
eSafe 7.0.17.0 2011.02.21 -
eTrust-Vet 36.1.8174 2011.02.21 -
F-Prot 4.6.2.117 2011.02.21 -
F-Secure 9.0.16160.0 2011.02.21 -
Fortinet 4.2.254.0 2011.02.22 -
GData 21 2011.02.22 -
Ikarus T3.1.1.97.0 2011.02.22 -
Jiangmin 13.0.900 2011.02.21 -
K7AntiVirus 9.88.3922 2011.02.21 -
Kaspersky 7.0.0.125 2011.02.22 -
McAfee 5.400.0.1158 2011.02.22 -
McAfee-GW-Edition 2010.1C 2011.02.21 -
Microsoft 1.6502 2011.02.21 -
NOD32 5894 2011.02.21 -
Norman 6.07.03 2011.02.21 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.21 -
PCTools 7.0.3.5 2011.02.21 -
Prevx 3.0 2011.02.22 -
Rising 23.46.00.06 2011.02.21 -
Sophos 4.61.0 2011.02.22 -
SUPERAntiSpyware 4.40.0.1006 2011.02.22 -
Symantec 20101.3.0.103 2011.02.22 -
TheHacker 6.7.0.1.135 2011.02.21 -
TrendMicro 9.200.0.1012 2011.02.21 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.22 -
VBA32 3.12.14.3 2011.02.21 -
VIPRE 8498 2011.02.22 -
ViRobot 2011.2.21.4321 2011.02.21 -
VirusBuster 13.6.212.0 2011.02.21 -
Additional information
MD5 : 2ecb308e2278e94c532b8cd841df8ee2
SHA1 : de36f1f521ce286abc4b4f769e0d1fe68e70b7e4
SHA256: 843033833aeec8d8840d8a14a043521853423be3855c843d22e583b8f3c2125e
I'm not entirely sure what all that means?
Also, in regards to the security centre settings, you want me to uncheck ALL the checked boxes, is that correct? Is that safe to do as I would want it to alert me when my firewall etc, is being altered.
Cheers

-
Hi there,
I queried this in the General sub-forum and was advised by ThreeGuser to post it here as he thought it was somewhat suspicious. Link to that thread here.
My computer is brand new (was installed last week) and this is the first time it's had a problem. It detected a threat so I closed all browsers and ran a scan. This is what it found:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5766
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17/02/2011 12:38:21 PM
mbam-log-2011-02-17 (12-38-21).txt
Scan type: Quick scan
Objects scanned: 144714
Time elapsed: 7 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I removed these items and upon rebooting, the security centre kept popping up telling me my firewall had been turned off. It then kept asking me if I wanted to unblock IE. I've also been asked if I want to unblock Scanfile.
I have followed the rest of the steps in the What do I do now pinned topic.
DDS report here:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 11:25:21.23 on Fri 18/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.843 [GMT 8:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\PROGRA~1\Novosoft\HANDYB~1\hbagent.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\scanfile.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\WinBEAT\WinBEAT.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\My Music\Sasha2\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Weather Tracker3] c:\program files\weatherzone tracker\weather_tracker.exe
uRun: [Handy Backup 6.0] "c:\progra~1\novosoft\handyb~1\hbagent.exe" -logon
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\kyocera mita\fileutility\fileexec.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296690844718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296690819015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PCAlertDriver;PCAlertDriver;\??\c:\bizcover\ntglm7x.sys --> c:\bizcover\NTGLM7X.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-02-18 02:49:40 -------- d-----w- c:\program files\WOT
2011-02-17 04:28:21 -------- d-----w- c:\docume~1\admini~1\applic~1\ProgSense
2011-02-16 07:04:17 -------- d-----w- C:\downloads
2011-02-16 07:04:17 -------- d-----w- c:\docume~1\admini~1\applic~1\GrabPro
2011-02-16 07:04:14 -------- d-----w- c:\program files\Orbitdownloader
2011-02-14 06:05:25 -------- d-----w- c:\docume~1\admini~1\applic~1\PrimoPDF
2011-02-10 02:57:08 -------- d-----w- c:\program files\Weatherzone Tracker
2011-02-09 07:30:29 -------- d-----w- c:\documents and settings\administrator\Tracing
2011-02-09 07:29:41 -------- d-----w- c:\program files\Microsoft
2011-02-09 07:29:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-09 07:26:29 -------- d-----w- c:\program files\common files\Windows Live
2011-02-09 05:15:20 -------- d-----w- c:\docume~1\admini~1\applic~1\Novosoft
2011-02-09 05:15:14 -------- d-----w- c:\program files\Novosoft
2011-02-09 05:14:46 3433105 ----a-w- C:\hb60.exe
2011-02-09 05:12:50 -------- d-----w- c:\program files\SyncToy 2.1
2011-02-09 05:12:22 3020664 ----a-w- C:\SyncToySetupPackage_v21_x86.exe
2011-02-09 05:02:37 -------- d-----w- C:\temp
2011-02-09 04:47:51 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-02-09 04:47:50 -------- d-----w- c:\program files\Nitro PDF
2011-02-09 04:47:24 7458096 ----a-w- c:\temp\InternationalPrimoPDF.exe
2011-02-09 04:45:36 53248 ------w- c:\windows\jcsock32.dll
2011-02-09 04:45:36 45056 ------r- c:\windows\nsuunins.exe
2011-02-09 04:45:36 190464 ------r- c:\windows\HgTiff2Pdf.dll
2011-02-09 04:45:36 102400 ------r- c:\windows\scanfile.exe
2011-02-09 04:45:36 -------- d-----w- c:\program files\Kyocera Mita
2011-02-09 04:37:01 -------- d-----w- c:\program files\Business Objects
2011-02-09 04:26:51 -------- d-----w- C:\winbeat33cd
2011-02-09 04:09:49 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-02-09 04:09:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 04:09:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-09 04:09:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 04:09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 04:09:13 7734208 ----a-w- c:\temp\mbam-setup-1.50.1.1100.exe
2011-02-09 04:00:46 -------- d-----w- c:\program files\Kyocera
2011-02-09 03:59:58 -------- d-----w- C:\Desktop Assistant
2011-02-09 03:59:15 -------- d-----w- C:\KX_v511405_En
2011-02-09 03:49:43 -------- d-----w- c:\program files\WinBEAT
2011-02-09 03:49:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\WinBEAT
2011-02-09 03:47:36 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2011-02-09 03:47:36 24576 ------w- c:\windows\system32\dbmsgnet.dll
2011-02-09 03:47:32 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-09 03:47:18 -------- d-----w- C:\MIB
2011-02-09 03:46:10 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-02-08 05:01:26 -------- d-----w- c:\program files\MSXML 4.0
2011-02-08 04:29:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2011-02-08 04:25:19 -------- d-----w- c:\program files\Roxio
2011-02-08 04:25:19 -------- d-----w- c:\program files\common files\SureThing Shared
2011-02-08 04:22:34 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2011-02-08 04:22:34 20480 ----a-w- c:\windows\system32\IVIresize.dll
2011-02-08 04:22:34 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2011-02-08 04:22:34 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2011-02-08 04:22:34 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2011-02-08 04:22:34 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2011-02-08 04:22:16 -------- d-----w- c:\program files\common files\InterVideo
2011-02-08 04:21:58 -------- d-----w- c:\program files\InterVideo
2011-02-08 04:21:54 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-02-08 04:21:54 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-02-08 04:21:54 225280 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2011-02-08 04:21:54 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-02-08 04:21:54 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-02-08 04:20:49 -------- d-----w- c:\program files\RealVNC
2011-02-08 04:16:58 -------- d-----w- c:\docume~1\admini~1\applic~1\AVG10
2011-02-08 04:15:09 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-08 04:14:44 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-08 04:14:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-08 04:14:29 -------- d-----w- c:\program files\AVG
2011-02-08 04:13:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-02-08 04:08:20 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-08 04:08:20 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-08 03:45:39 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-02-08 03:43:58 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-08 03:43:55 -------- d-----w- c:\windows\SHELLNEW
2011-02-08 03:43:49 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
2011-02-07 02:15:56 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2011-02-03 05:24:51 756224 ----a-w- c:\windows\system32\winntbbu.dll
2011-02-03 05:24:37 1129 ----a-w- c:\windows\system32\vwipxspx.exe
2011-02-03 05:24:36 1161 ----a-w- c:\windows\system32\usrlogon.cmd
2011-02-03 05:24:31 76288 ----a-w- c:\windows\system32\telnet.exe
2011-02-03 05:24:27 1744 ----a-w- c:\windows\system32\sound.drv
2011-02-03 05:24:27 11264 ----a-w- c:\windows\system32\spnpinst.exe
2011-02-03 05:24:24 882 ----a-w- c:\windows\system32\share.exe
2011-02-03 05:24:14 24064 ----a-w- c:\windows\system32\pidgen.dll
2011-02-03 05:22:53 882 ----a-w- c:\windows\system32\fastopen.exe
2011-02-03 05:22:53 15872 ----a-w- c:\windows\system32\expand.exe
2011-02-03 05:22:53 125952 ----a-w- c:\windows\system32\exts.dll
2011-02-03 05:22:38 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-02-03 05:22:35 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-02-03 05:22:17 640000 ----a-w- c:\windows\system32\dllcache\dbghelp.dll
2011-02-03 05:22:17 640000 ----a-w- c:\windows\system32\dbghelp.dll.old
2011-02-03 05:22:17 640000 ----a-w- c:\windows\system32\dbghelp.dll
2011-02-03 05:22:16 847872 ----a-w- c:\windows\system32\dbgeng.dll
2011-02-03 05:22:01 60416 ----a-w- c:\windows\system32\cabinet.dll
2011-02-03 05:21:57 580608 ----a-w- c:\windows\system32\autofmt.exe
2011-02-03 05:21:56 588800 ----a-w- c:\windows\system32\autochk.exe
2011-02-03 05:21:46 6656 ----a-w- c:\windows\system32\KBDAL.DLL
2011-02-03 05:21:38 1804 ----a-w- c:\windows\system32\Dcache.bin
2011-02-03 05:21:33 2032 ----a-w- c:\windows\system\MOUSE.DRV
2011-02-03 05:21:33 1744 ----a-w- c:\windows\system\SOUND.DRV
2011-02-03 05:21:32 2000 ----a-w- c:\windows\system\KEYBOARD.DRV
2011-02-03 05:21:21 146432 ----a-w- c:\windows\regedit.exe
2011-02-03 05:20:59 707 ----a-w- c:\windows\_default.pif
2011-02-03 05:14:23 -------- d-----w- C:\i386
2011-02-03 05:12:07 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2011-02-03 05:12:07 1482752 ----a-w- c:\windows\RtlUpd.exe
2011-02-03 05:12:06 9715200 ----a-w- c:\windows\RTLCPL.EXE
2011-02-03 05:12:06 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL
2011-02-03 05:12:05 5933568 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-02-03 05:12:03 18782720 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-03 05:12:02 57344 ----a-w- c:\windows\ALCMTR.EXE
2011-02-03 05:12:02 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2011-02-03 05:12:02 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-02-03 05:12:02 2170880 ----a-w- c:\windows\MicCal.exe
2011-02-03 05:10:32 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-02-03 05:10:15 -------- d-----w- c:\program files\Program Shortcuts
2011-02-03 05:09:57 -------- d-----w- C:\COMPAQ
2011-02-03 05:07:30 -------- d--h--w- C:\system.sav
==================== Find3M ====================
2011-02-03 03:09:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-03 03:09:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
============= FINISH: 11:25:46.93 ===============
Attach report here:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/02/2011 9:10:23 PM
System Uptime: 18/02/2011 8:32:04 AM (3 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | 3664h
Processor: Intel Pentium III Xeon processor | CPU 1 | 3059/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 147 GiB total, 126.325 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 0.158 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 2/02/2011 9:10:25 PM - System Checkpoint
RP2: 3/02/2011 7:46:53 AM - Removed HP Help and Support
RP3: 3/02/2011 7:47:51 AM - Removed Norton Online Backup
RP4: 3/02/2011 8:19:18 AM - Software Distribution Service 3.0
RP5: 3/02/2011 8:32:15 AM - Software Distribution Service 3.0
RP6: 3/02/2011 9:52:42 AM - Software Distribution Service 3.0
RP7: 3/02/2011 10:24:57 AM - Software Distribution Service 3.0
RP8: 3/02/2011 11:05:21 AM - Installed Adobe Reader X.
RP9: 3/02/2011 11:09:20 AM - Removed Java 6 Update 13
RP10: 4/02/2011 4:08:03 PM - System Checkpoint
RP11: 7/02/2011 9:09:25 AM - System Checkpoint
RP12: 8/02/2011 11:43:40 AM - Installed Microsoft Office Home and Business 2010
RP13: 8/02/2011 12:08:15 PM - Configured Microsoft Office Home and Business 2010
RP14: 8/02/2011 12:08:43 PM - Configured Microsoft Office Home and Business 2010
RP15: 8/02/2011 12:14:29 PM - Installed AVG 2011
RP16: 8/02/2011 12:14:41 PM - Installed AVG 2011
RP17: 8/02/2011 12:22:16 PM - Installed InterVideo Register Manager
RP18: 8/02/2011 12:24:20 PM - Installed DirectX
RP19: 8/02/2011 1:01:23 PM - Software Distribution Service 3.0
RP20: 8/02/2011 1:07:12 PM - Software Distribution Service 3.0
RP21: 9/02/2011 11:47:14 AM - Installed Microsoft SQL Server Desktop Engine
RP22: 9/02/2011 11:49:38 AM - Installed WinBEAT.
RP23: 9/02/2011 12:00:57 PM - Printer Driver Kyocera KM-C2525E KX Installed
RP24: 9/02/2011 12:20:41 PM - Removed Microsoft SQL Server Desktop Engine
RP25: 9/02/2011 12:27:56 PM - Installed Microsoft SQL Server Desktop Engine
RP26: 9/02/2011 12:36:19 PM - Removed WinBEAT.
RP27: 9/02/2011 12:36:57 PM - Installed WinBEAT.
RP28: 9/02/2011 12:47:53 PM - Printer Driver PrimoPDF Installed
RP29: 9/02/2011 1:12:50 PM - Installed SyncToy 2.1 (x86)
RP30: 11/02/2011 1:18:59 PM - System Checkpoint
RP31: 14/02/2011 1:14:59 PM - System Checkpoint
RP32: 15/02/2011 1:21:25 PM - System Checkpoint
RP33: 16/02/2011 1:27:38 PM - System Checkpoint
RP34: 17/02/2011 12:44:37 PM - Software Distribution Service 3.0
RP35: 18/02/2011 10:49:39 AM - Installed WOT for Internet Explorer
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader X
AVG 2011
Definition update for Microsoft Office 2010 (KB982726)
Handy Backup 6.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB958756)
Hotfix for Windows XP (KB961118)
Intel® Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java 6 Update 23
Junk Mail filter update
Kyocera Product Library
KyoceraMita Scanner File Utility
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server Desktop Engine
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Orbit Downloader
PrimoPDF -- brought to you by Nitro PDF Software
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sonic CinePlayer Decoder Pack
SyncToy 2.1 (x86)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VNC Free Edition 4.1.3
Weatherzone Tracker v2.04
WebFldrs XP
WinBEAT
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WOT for Internet Explorer
==== Event Viewer Messages From Past Week ========
14/02/2011 8:09:37 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
14/02/2011 8:09:37 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .
14/02/2011 8:09:37 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
==== End Of File ===========================
Here is the GMER report:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-18 11:53:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.03.0
Running: izld66cg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwtcraog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA792C6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA792C770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA792C810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA792C8B0]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 034F2850 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 034F41B0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 034F3CD0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1688] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 034F2A50 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2216] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[2912] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 39008FA9 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[2912] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 395486A0 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateKey + 6 7C90D0F4 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateKey + B 7C90D0F9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateMutant + 6 7C90D114 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateMutant + B 7C90D119 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateSection + 6 7C90D184 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtCreateSection + B 7C90D189 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [A8, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenKey + 6 7C90D5D4 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenKey + B 7C90D5D9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenMutant + 6 7C90D5E4 4 Bytes CALL 7B90EBEA
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenMutant + B 7C90D5E9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcess + 6 7C90D604 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcessToken + 6 7C90D614 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [28, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenSection + 6 7C90D634 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenSection + B 7C90D639 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes CALL 7B90EC6B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThreadToken + 6 7C90D674 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes CALL 7B90EC7C
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes [68, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [A8, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes CALL 7B90F51D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002C00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002C00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] kernel32.dll!CreateEventW 7C80A749 5 Bytes JMP 002C0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] kernel32.dll!OpenEventW 7C8131E0 5 Bytes JMP 002C0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!RegisterClipboardFormatA 7E418E28 5 Bytes JMP 003B02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!RegisterClipboardFormatW 7E41AF34 5 Bytes JMP 003B02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 003B0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!ActivateKeyboardLayout 7E428673 5 Bytes JMP 003B04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!IsClipboardFormatAvailable 7E42F166 5 Bytes JMP 003B00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardSequenceNumber 7E42F17A 2 Bytes JMP 003B0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardSequenceNumber + 3 7E42F17D 2 Bytes [F8, 81]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!CloseClipboard 7E430265 5 Bytes JMP 003B00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!OpenClipboard 7E430277 5 Bytes JMP 003B0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!SetClipboardViewer 7E430473 5 Bytes JMP 003B04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!ChangeClipboardChain 7E430487 5 Bytes JMP 003B0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!EmptyClipboard 7E430D96 5 Bytes JMP 003B0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardOwner 7E430DA8 5 Bytes JMP 003B0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003B0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 003B0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardFormatNameA 7E431290 5 Bytes JMP 003B0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!CountClipboardFormats 7E43167F 5 Bytes JMP 003B01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetOpenClipboardWindow 7E431691 5 Bytes JMP 003B03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!EnumClipboardFormats 7E43E53D 5 Bytes JMP 003B01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardFormatNameW 7E45957F 5 Bytes JMP 003B0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetClipboardViewer 7E46CB94 5 Bytes JMP 003B0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] USER32.dll!GetPriorityClipboardFormat 7E46CC96 5 Bytes JMP 003B03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 003C0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SelectObject 77F15B70 5 Bytes JMP 003C05B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetTextColor 77F15D77 5 Bytes JMP 003C0970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetBkMode 77F15EDB 5 Bytes JMP 003C0830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!IntersectClipRect 77F16A56 5 Bytes JMP 003C03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetClipBox 77F16AA1 5 Bytes JMP 003C0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!DeleteObject 77F16BFA 5 Bytes JMP 003C01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003C0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!ExtSelectClipRgn 77F17874 5 Bytes JMP 003C02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SelectClipRgn 77F17AA0 5 Bytes JMP 003C0570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetTextMetricsW 77F17DB9 5 Bytes JMP 003C0D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 003C08B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetStretchBltMode 77F18597 5 Bytes JMP 003C05F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!RestoreDC 77F18B28 5 Bytes JMP 003C04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SaveDC 77F18BEE 5 Bytes JMP 003C0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetTextAlign 77F18C8B 5 Bytes JMP 003C0930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!MoveToEx 77F1A21A 5 Bytes JMP 003C0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetTextFaceW 77F1A5CB 5 Bytes JMP 003C0C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!StretchDIBits 77F1B0AE 2 Bytes JMP 003C06B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!StretchDIBits + 3 77F1B0B1 2 Bytes [4A, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetWorldTransform 77F1B457 5 Bytes JMP 003C0630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003C00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003C00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!ExtEscape 77F1C3CC 5 Bytes JMP 003C02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 003C0870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!LineTo 77F1D997 5 Bytes JMP 003C03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetTextMetricsA 77F1DF45 5 Bytes JMP 003C0CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetICMMode 77F1E868 5 Bytes JMP 003C0CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!Rectangle 77F1E9BE 5 Bytes JMP 003C08F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetFontData 77F1F314 5 Bytes JMP 003C0BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetTextFaceA 77F1F365 5 Bytes JMP 003C0C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetPolyFillMode 77F20817 5 Bytes JMP 003C0A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SetMiterLimit 77F20E8E 5 Bytes JMP 003C0AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!Escape 77F26F5A 5 Bytes JMP 003C0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!ResetDCW 77F2B9AF 5 Bytes JMP 003C09F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!CreateICW 77F2C813 5 Bytes JMP 003C0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!BeginPath 77F2D4B0 5 Bytes JMP 003C0770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!EndPath 77F2D530 5 Bytes JMP 003C09B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!SelectClipPath 77F2D5B7 5 Bytes JMP 003C0A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!EndPage 77F2DC61 5 Bytes JMP 003C0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!EndDoc 77F2DEF1 5 Bytes JMP 003C01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!PolyBezierTo 77F2EBD1 5 Bytes JMP 003C0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!PolylineTo 77F2EC7E 5 Bytes JMP 003C04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!CloseFigure 77F2ED1A 5 Bytes JMP 003C0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!StartPage 77F2F49E 5 Bytes JMP 003C0670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!RemoveFontResourceW 77F3D07C 5 Bytes JMP 003C0B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!GetGlyphOutlineW 77F3E6D1 5 Bytes JMP 003C0BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 003C0B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!CreateScalableFontResourceW 77F40160 5 Bytes JMP 003C0AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!AbortDoc 77F44CD2 5 Bytes JMP 003C0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 003C0730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!StrokePath 77F460B7 5 Bytes JMP 003C06F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!FillPath 77F46144 5 Bytes JMP 003C07B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] GDI32.dll!PolyDraw 77F4667B 5 Bytes JMP 003C07F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4748] ole32.dll!OleSetClipboard 775477E8 5 Bytes JMP 003E0030
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 03782850 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 037841B0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03783CD0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 03782A50 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 03442850 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 034441B0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03443CD0 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5104] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 03442A50 C:\Program Files\Orbitdownloader\GrabKernel.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6140] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
---- EOF - GMER 1.0.15 ----
Any help with this would be greatly appreciated.
I will be going away for a long weekend (Saturday to Tuesday) so please keep this open and I will reply as soon as I can.
Cheers

Trojan Horse Dropper in Adobe Reader
in Resolved Malware Removal Logs
Thank you so much for all your help on this one, Maurice.
I'm sure you hear it all the time but what you guys do here is absolutely amazing.
I shall be in touch if any issues arise.
Thank you again and enjoy the rest of your weekend.
Cheers