Search engine virus

Avg Antivirus plus antispyware 9.0
December 16, 2009 at 16:53:48
Specs: Windows Vista
My laptop got a search page virus. Every time that I try to use any search it redirects me to a different page... I used ComboFix 4 days ago and it worked, but now the virus is back... What should I do?



#1
December 16, 2009 at 21:00:00
Please run the following scans to help locate the offending files.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.



#2
December 18, 2009 at 20:07:22
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-18 23:04:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 27 GB (38%) free of 71 GB
Total RAM: 1789 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:17, on 18/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\TradeZone\TZMetaSolution\WINROS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yc...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Barra de Ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0B105630-3B1F-11D1-B443-00A0244D2920} (WebTreeCtrl Class) - https://www2.bmf.com.br/download/WebTreeFX.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://66.212.0.40/activex/AMC.cab
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://72.9.28.19:4000/user/TSBnwCa...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll,avgrsstx.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 11660 bytes

======Scheduled tasks folder======

C:\Windows\tasks\CAHQTXIZA.job
C:\Windows\tasks\User_Feed_Synchronization-{E21D5D1B-1532-4149-B277-8B25C0FD67D3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E3C3651-B19C-4DD9-A979-901EC3E930AF}]
ssh2 Class - C:\Program Files\Scpad\scpsssh2.dll [2008-05-30 214272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-16 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barra de Ferramentas &Crawler - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-04-21 270336]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"MBBalloon"=C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2008-07-15 794464]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"snpstd3"=C:\Windows\vsnpstd3.exe [2007-05-10 835584]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-29 30192]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-16 2033432]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-12-16 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-30 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-16 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe [2007-07-11 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-04-04 813840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-15 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\Windows\vsnpstd3.exe [2007-05-10 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-30 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati External Event Utility"=2
"Automatic LiveUpdate Scheduler"=2
"ccEvtMgr"=2
"ccSetMgr"=2
"CLTNetCnService"=2
"comHost"=3
"ISPwdSvc"=3
"LightScribeService"=2
"LiveUpdate"=3
"Symantec Core LC"=3
"SymAppCore"=2

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll [2009-08-24 202032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll [2009-08-24 202032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2009-12-18 23:04:57 ----D---- C:\rsit
2009-12-17 23:39:13 ----D---- C:\Program Files\MetaTrader 4
2009-12-17 00:04:24 ----D---- C:\Program Files\WinClamAVShield
2009-12-16 23:03:49 ----D---- C:\ProgramData\Kaspersky Lab
2009-12-16 21:38:54 ----D---- C:\Program Files\Crawler
2009-12-16 21:38:39 ----D---- C:\Users\Owner\AppData\Roaming\Spyware Terminator
2009-12-16 21:38:36 ----D---- C:\ProgramData\Spyware Terminator
2009-12-16 21:38:35 ----D---- C:\Program Files\Spyware Terminator
2009-12-16 19:28:56 ----D---- C:\Program Files\DVDFab 6
2009-12-16 00:42:50 ----D---- C:\Program Files\Trend Micro
2009-12-15 23:54:02 ----A---- C:\Windows\system32\avgrsstx.dll
2009-12-15 23:23:30 ----A---- C:\ComboFix.txt
2009-12-15 23:22:29 ----SHD---- C:\$RECYCLE.BIN
2009-12-15 23:11:14 ----D---- C:\toolb17270t
2009-12-15 22:30:47 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2009-12-15 22:30:38 ----D---- C:\ProgramData\Malwarebytes
2009-12-12 00:25:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 00:25:26 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 23:40:33 ----D---- C:\$AVG
2009-12-10 23:39:45 ----D---- C:\ProgramData\avg9
2009-12-10 23:08:14 ----A---- C:\Windows\zip.exe
2009-12-10 23:08:14 ----A---- C:\Windows\SWXCACLS.exe
2009-12-10 23:08:14 ----A---- C:\Windows\SWSC.exe
2009-12-10 23:08:14 ----A---- C:\Windows\SWREG.exe
2009-12-10 23:08:14 ----A---- C:\Windows\sed.exe
2009-12-10 23:08:14 ----A---- C:\Windows\PEV.exe
2009-12-10 23:08:14 ----A---- C:\Windows\NIRCMD.exe
2009-12-10 23:08:14 ----A---- C:\Windows\MBR.exe
2009-12-10 23:08:14 ----A---- C:\Windows\grep.exe
2009-12-10 23:08:01 ----D---- C:\Windows\ERDNT
2009-12-10 23:08:00 ----D---- C:\toolb
2009-12-10 22:57:25 ----D---- C:\Qoobox
2009-12-09 22:03:13 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 22:03:10 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 22:03:09 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 22:03:08 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 22:03:08 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 22:03:07 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 22:03:07 ----A---- C:\Windows\system32\occache.dll
2009-12-09 22:03:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 22:03:07 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 22:03:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 22:03:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 22:03:06 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 22:03:06 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 22:03:05 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 21:59:59 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 19:10:45 ----D---- C:\Windows\Sun
2009-12-08 23:53:42 ----RASH---- C:\Windows\system32\wusak.dll
2009-12-08 21:31:29 ----D---- C:\Program Files\HQuote
2009-11-29 14:50:09 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-11-25 00:04:08 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 20:21:04 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 20:21:03 ----A---- C:\Windows\system32\msxml3.dll

======List of files/folders modified in the last 1 months======

2009-12-18 23:05:17 ----D---- C:\Windows\Prefetch
2009-12-18 23:04:13 ----D---- C:\Windows\Temp
2009-12-18 10:09:39 ----D---- C:\Windows\System32
2009-12-18 10:09:39 ----D---- C:\Windows\inf
2009-12-18 10:09:39 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2009-12-17 23:41:32 ----RD---- C:\Program Files
2009-12-17 22:22:43 ----D---- C:\Program Files\HOTALBUMMyBOX
2009-12-17 13:16:03 ----D---- C:\Windows\system32\drivers
2009-12-16 23:03:53 ----SHD---- C:\System Volume Information
2009-12-16 23:03:49 ----D---- C:\ProgramData
2009-12-16 23:00:27 ----D---- C:\Users\Owner\AppData\Roaming\HpUpdate
2009-12-16 22:59:14 ----SHD---- C:\Windows\Installer
2009-12-16 21:28:46 ----D---- C:\ProgramData\DVD Shrink
2009-12-16 20:03:34 ----D---- C:\ProgramData\vsosdk
2009-12-16 19:29:05 ----D---- C:\Users\Owner\AppData\Roaming\Vso
2009-12-15 23:52:40 ----D---- C:\Windows
2009-12-15 23:20:13 ----A---- C:\Windows\system.ini
2009-12-15 23:16:44 ----D---- C:\Windows\AppPatch
2009-12-15 23:16:43 ----D---- C:\Program Files\Common Files
2009-12-15 22:16:24 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2009-12-15 12:13:39 ----D---- C:\Windows\Minidump
2009-12-12 21:08:41 ----D---- C:\MetaStock Data
2009-12-12 12:56:00 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-12-12 00:26:34 ----D---- C:\Windows\winsxs
2009-12-12 00:26:19 ----D---- C:\Windows\system32\catroot2
2009-12-12 00:26:19 ----D---- C:\Windows\system32\catroot
2009-12-10 23:39:46 ----D---- C:\Program Files\AVG
2009-12-10 23:39:32 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-10 23:17:36 ----D---- C:\Windows\Tasks
2009-12-10 12:30:01 ----D---- C:\Windows\system32\Tasks
2009-12-10 12:13:06 ----D---- C:\Windows\rescache
2009-12-10 11:55:22 ----D---- C:\Windows\system32\migration
2009-12-10 11:55:21 ----D---- C:\Program Files\Internet Explorer
2009-12-10 11:55:20 ----D---- C:\Windows\system32\en-US
2009-12-10 11:55:20 ----D---- C:\Program Files\Windows Mail
2009-12-10 00:15:58 ----D---- C:\ProgramData\Microsoft Help
2009-12-10 00:14:43 ----RSD---- C:\Windows\assembly
2009-12-04 19:46:31 ----D---- C:\ProgramData\Adobe
2009-12-04 17:25:27 ----D---- C:\Program Files\Common Files\Adobe
2009-12-04 17:24:36 ----A---- C:\Windows\winros.ini
2009-12-01 15:06:19 ----A---- C:\Windows\system32\MRT.exe
2009-11-29 14:52:39 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-12-15 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-12-15 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-12-15 360584]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-12-16 142592]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-12 2930176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-19 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-09-10 6144]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-06-14 47360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 240128]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
S3 catchme;catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2008-03-13 10423936]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2004-08-27 20092]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2004-09-01 41940]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-03 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-12 610304]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-15 285392]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-03 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-16 488960]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 scpVista;scpVista; C:\Program Files\Scpad\scpVista.exe [2006-12-18 118328]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-29 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------



#3
December 18, 2009 at 20:08:40
info.txt logfile of random's system information tool 1.06 2009-12-18 23:05:24

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}
Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
AXIS Media Control Embedded-->C:\Program Files\Axis Communications\AXIS Media Control Embedded\setup.exe setup.rem remove
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Catalyst Control Center - Branding-->MsiExec.exe /I{C3B3BB74-B49D-4B15-A5D4-863426EB96E0}
ConvertXtoDVD 3.6.4.158-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab 6.2.0.5 (11/11/2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Free DVD Decrypter version 1.4-->"C:\Program Files\DVDVideoSoft\Free DVD Decrypter\unins000.exe"
Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOT ALBUM MYBOX-->C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HQuote-->C:\Program Files\HQuote\uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LG Mobile Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D82B5F-B67F-40F8-B4D1-B0415AB2DD86}\setup.exe"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Linksys Updater-->MsiExec.exe /X{C15B6175-689A-4D97-A42C-7225353F60A7}
MetaStock Professional 9.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\Equis\Uninst.isu"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0409
O2Micro Flash Memory Card Reader Driver Installer(x86)-->MsiExec.exe /X{78764173-3805-4916-B3CE-B433702B8870}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Palm® Support Center-->C:\Program Files\Palm\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Photo Loader 2.3E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
Photohands 1.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TZMetaSolution 3.0.0.76-->C:\Program Files\TradeZone\TZMetaSolution\uninst.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
USB PC Camera-168-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0009 -removeonly
VoipRaider-->"C:\Program Files\VoipRaider.com\VoipRaider\unins000.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}
Windows Live Galeria de Fotos-->MsiExec.exe /X{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}
Windows Live Mail-->MsiExec.exe /I{74AD1846-2010-4FB1-8E24-B6F2B87150C2}
Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}
Windows Live Movie Maker-->MsiExec.exe /X{24F3CA05-14C6-4D1D-BED8-6E4F61EF1B0E}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}
Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}
Windows Live Writer-->MsiExec.exe /X{9555B4ED-09A3-4722-8E8C-57A49401D059}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

======Security center information======

AS: Windows Defender
AS: Spyware Terminator

======System event log======

Computer Name: Owner-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 173094
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090812190846.311455-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 173083
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090812175349.318000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 10010
Message: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Record Number: 173064
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090812175222.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 12 seconds since the last report.
Record Number: 173062
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090812175010.308030-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 12 seconds since the last report.
Record Number: 173061
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090812175010.308030-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2767171297-3690587457-3790619901-1003:
Process 1144 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2767171297-3690587457-3790619901-1003

Record Number: 19441
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081024164854.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Record Number: 19409
Source Name: SQLBrowser
Time Written: 20081024163707.000000-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2767171297-3690587457-3790619901-1003_Classes:
Process 1036 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2767171297-3690587457-3790619901-1003_CLASSES

Record Number: 19392
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081024042521.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2767171297-3690587457-3790619901-1003:
Process 1036 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2767171297-3690587457-3790619901-1003

Record Number: 19391
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081024042520.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 19387
Source Name: Microsoft-Windows-EventSystem
Time Written: 20081024042518.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2767171297-3690587457-3790619901-1003
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x494e2d

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34402
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230231111.253000-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2767171297-3690587457-3790619901-1003
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x494e65
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a8
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: OWNER-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 34401
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230231111.253000-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2767171297-3690587457-3790619901-1003
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x494e2d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a8
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: OWNER-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 34400
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230231111.253000-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Owner
Account Domain: Owner-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2a8
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 34399
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230231111.253000-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34398
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081230185702.267003-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#4
December 19, 2009 at 16:54:08
And the requested GMER report please.


#5
December 20, 2009 at 11:37:37
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-19 00:29:09
Windows 6.0.6002 Service Pack 2
Running: ggmmeerr.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwrcapow.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\Windows\system32\Drivers\PzWDM.sys entry point in "init" section [0x827FD30E]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!CreateWindowExW 77C21305 5 Bytes JMP 6B94D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DrawTextExW 77C291CE 5 Bytes JMP 02EA8103
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DrawTextW 77C297D3 5 Bytes JMP 02EA7F41
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DrawTextA 77C3558D 5 Bytes JMP 02EA7E66
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DrawTextExA 77C355C4 5 Bytes JMP 02EA801C
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamW 77C410B0 5 Bytes JMP 6B87541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamW 77C42EF5 5 Bytes JMP 6BA443FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxParamA 77C58152 5 Bytes JMP 6BA4439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!DialogBoxIndirectParamA 77C5847D 5 Bytes JMP 6BA44462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectA 77C6D4D9 5 Bytes JMP 6BA44331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxIndirectW 77C6D5D3 5 Bytes JMP 6BA442C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExA 77C6D639 5 Bytes JMP 6BA44264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] USER32.dll!MessageBoxExW 77C6D65D 5 Bytes JMP 6BA44202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!ExtTextOutW 763B872B 5 Bytes JMP 02EA82CE
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!GetGlyphIndicesW 763BB765 5 Bytes JMP 02EA874A
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!ExtTextOutA 763C00A5 5 Bytes JMP 02EA81EA
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!TextOutA 763C0BAB 5 Bytes JMP 02EA7CCE
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!TextOutW 763C0D6D 5 Bytes JMP 02EA7D9A
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] GDI32.dll!GetGlyphIndicesA 763D9DC0 5 Bytes JMP 02EA8681
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] WS2_32.dll!closesocket 7669330C 5 Bytes JMP 02EA7C46
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] WS2_32.dll!recv 7669343A 5 Bytes JMP 02EA7A06
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] WS2_32.dll!WSASend 76694496 5 Bytes JMP 02EA7AAA
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] WS2_32.dll!send 7669659B 5 Bytes JMP 02EA7966
.text C:\Program Files\Internet Explorer\iexplore.exe[1208] WS2_32.dll!WSARecv 76698400 5 Bytes JMP 02EA7B65
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateDialogParamW 77C172A2 5 Bytes JMP 6B94DA10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!GetAsyncKeyState 77C1863C 5 Bytes JMP 6B8690DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!SetWindowsHookExW 77C187AD 5 Bytes JMP 6B9497FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CallNextHookEx 77C18E3B 5 Bytes JMP 6B93CE81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!UnhookWindowsHookEx 77C198DB 5 Bytes JMP 6B8B4620 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!EnableWindow 77C1CD8B 5 Bytes JMP 6B94D89D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateWindowExW 77C21305 5 Bytes JMP 6B94D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!GetKeyState 77C28CB1 5 Bytes JMP 6B94CE4B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DrawTextExW 77C291CE 5 Bytes JMP 00748103
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DrawTextW 77C297D3 5 Bytes JMP 00747F41
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!IsDialogMessageW 77C30745 5 Bytes JMP 6B87592F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateDialogParamA 77C317AA 5 Bytes JMP 6BA45084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!IsDialogMessage 77C31847 5 Bytes JMP 6BA44920 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateDialogIndirectParamA 77C326F1 5 Bytes JMP 6BA450BB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DrawTextA 77C3558D 5 Bytes JMP 00747E66
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DrawTextExA 77C355C4 5 Bytes JMP 0074801C
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!CreateDialogIndirectParamW 77C39A62 5 Bytes JMP 6BA450F2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!SetKeyboardState 77C40987 5 Bytes JMP 6BA44C8F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxParamW 77C410B0 5 Bytes JMP 6B87541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxIndirectParamW 77C42EF5 5 Bytes JMP 6BA443FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!SendInput 77C42F75 5 Bytes JMP 6BA4584B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!EndDialog 77C4326E 5 Bytes JMP 6B877DD6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!SetCursorPos 77C56FB2 5 Bytes JMP 6BA4589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxParamA 77C58152 5 Bytes JMP 6BA4439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!DialogBoxIndirectParamA 77C5847D 5 Bytes JMP 6BA44462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxIndirectA 77C6D4D9 5 Bytes JMP 6BA44331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxIndirectW 77C6D5D3 5 Bytes JMP 6BA442C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxExA 77C6D639 5 Bytes JMP 6BA44264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!MessageBoxExW 77C6D65D 5 Bytes JMP 6BA44202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] USER32.dll!keybd_event 77C6D972 5 Bytes JMP 6BA45BCF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!ExtTextOutW 763B872B 5 Bytes JMP 007482CE
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!GetGlyphIndicesW 763BB765 5 Bytes JMP 0074874A
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!ExtTextOutA 763C00A5 5 Bytes JMP 007481EA
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!TextOutA 763C0BAB 5 Bytes JMP 00747CCE
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!TextOutW 763C0D6D 5 Bytes JMP 00747D9A
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] GDI32.dll!GetGlyphIndicesA 763D9DC0 5 Bytes JMP 00748681
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] SHELL32.dll!SHRestricted + D95 76E48988 4 Bytes [4D, 30, 05, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] SHELL32.dll!SHRestricted + D9D 76E48990 8 Bytes [57, 2F, 05, 69, 9C, 5B, 04, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] ole32.dll!OleLoadFromStream 76781E12 5 Bytes JMP 6BA44780 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] ole32.dll!CoCreateInstance 767B9EA6 5 Bytes JMP 6B94D6E0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!closesocket 7669330C 5 Bytes JMP 66E9EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!recv 7669343A 5 Bytes JMP 66E9F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!socket 766936D1 5 Bytes JMP 66E9E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!connect 766940D9 5 Bytes JMP 66E9E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!getaddrinfo 7669418A 5 Bytes JMP 66E9E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!WSASend 76694496 5 Bytes JMP 00747AAA
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!send 7669659B 5 Bytes JMP 66E9E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4968] WS2_32.dll!WSARecv 76698400 5 Bytes JMP 00747B65

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74977817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7497BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7496F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7496E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7497DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7496FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7496FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7499C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7496D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74966853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7496687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74972AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [69041AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6904007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6903E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [69040994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6903EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6903A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [69041D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [69043ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [69042999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [69043035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6903FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6903E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6903DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6903FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6903D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6904FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6905051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6904EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6904F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6904EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)



#6
December 20, 2009 at 11:39:04


#7
December 20, 2009 at 11:39:25
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [690476D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [69048732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6904777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [69047831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6904667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [69047636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6903BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [69043ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [69043035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6904007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [69041AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6903A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6903EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6903C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6903C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6903E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6903FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6903BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6903FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [69048235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [690481D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [690472CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [690475E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [690476D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [690465DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6904788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [690486D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [690478EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [69048732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [69046533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4968] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [690382F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23ZQ993Y\www.ty.com.\VideoLoader.swf 0 bytes
File C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\23ZQ993Y\www.ty.com.\VideoLoader.swf\snootzstion.sol 109 bytes
File C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ty.com.\settings.sol 81 bytes

---- EOF - GMER 1.0.15 ----



#8
December 20, 2009 at 12:15:55
1. Download TDSSKiller and save it to your Desktop.
2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
3. Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


4. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
5. When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.



#9
December 20, 2009 at 17:57:23
I did what you said... but it didn't create a .txt file on my desktop.
The program asks to press any button to continue, and when I press, nothing happens...
What should I do?

Thanks



#10
December 20, 2009 at 18:13:37
Navigate to C:\TDSSKiller.txt and see if it is there; if so, copy and paste it to the forum please.


#11
December 21, 2009 at 15:25:55
Host Name: OWNER-PC
OS Name: Microsoft® Windows Vista™ Home Premium
OS Version: 6.0.6002 Service Pack 2 Build 6002
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Owner
Registered Organization:
Product ID:
Original Install Date: 28/12/2007, 19:40:28
System Boot Time: 20/12/2009, 11:48:43
System Manufacturer: Acer
System Model: Extensa 4420
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 15 Model 104 Stepping 1 AuthenticAMD ~1800 Mhz
BIOS Version: Phoenix Technologies LTD V1.16, 14/11/2007
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 1.789 MB
Available Physical Memory: 820 MB
Page File: Max Size: 3.832 MB
Page File: Available: 2.162 MB
Page File: In Use: 1.670 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\OWNER-PC
Hotfix(s): 208 Hotfix(s) Installed.
Network Card(s): 2 NIC(s) Installed.
[01]: Broadcom 802.11g Network Adapter
Connection Name: Wireless Network Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.100
[02]: fe80::939:ad9a:b1d6:75ca
[02]: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Connection Name: Local Area Connection
Status: Media disconnected
20:55:57:86 4708 ForceUnloadDriver: NtUnloadDriver error 2
20:55:57:88 4708 ForceUnloadDriver: NtUnloadDriver error 2
20:55:57:89 4708 ForceUnloadDriver: NtUnloadDriver error 2
20:55:57:105 4708 main: Driver KLMD successfully dropped
20:55:57:146 4708 main: Driver KLMD successfully loaded
20:55:57:146 4708
Scanning Registry ...
20:55:57:147 4708 ScanServices: Searching service UACd.sys
20:55:57:147 4708 ScanServices: Open/Create key error 2
20:55:57:147 4708 ScanServices: Searching service TDSSserv.sys
20:55:57:147 4708 ScanServices: Open/Create key error 2
20:55:57:147 4708 ScanServices: Searching service gaopdxserv.sys
20:55:57:148 4708 ScanServices: Open/Create key error 2
20:55:57:148 4708 ScanServices: Searching service gxvxcserv.sys
20:55:57:148 4708 ScanServices: Open/Create key error 2
20:55:57:148 4708 ScanServices: Searching service MSIVXserv.sys
20:55:57:148 4708 ScanServices: Open/Create key error 2
20:55:57:152 4708 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82039000
20:55:57:154 4708 UnhookRegistry: Kernel local addr: 1B30000
20:55:57:154 4708 UnhookRegistry: KeServiceDescriptorTable addr: 1C67B00
20:55:57:156 4708 UnhookRegistry: KiServiceTable addr: 1BDC82C
20:55:57:156 4708 UnhookRegistry: NtEnumerateKey service number (local): 85
20:55:57:156 4708 UnhookRegistry: NtEnumerateKey local addr: 1D2D0BA
20:55:57:161 4708 KLMD_OpenDevice: Trying to open KLMD device
20:55:57:161 4708 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
20:55:57:161 4708 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
20:55:57:161 4708 KLMD_ReadMem: Trying to ReadMemory 0x82081D19[0x4]
20:55:57:161 4708 UnhookRegistry: NtEnumerateKey service number (kernel): 85
20:55:57:162 4708 KLMD_ReadMem: Trying to ReadMemory 0x820E5A40[0x4]
20:55:57:162 4708 UnhookRegistry: NtEnumerateKey real addr: 822360BA
20:55:57:162 4708 UnhookRegistry: NtEnumerateKey calc addr: 822360BA
20:55:57:162 4708 UnhookRegistry: No SDT hooks found on NtEnumerateKey
20:55:57:162 4708 KLMD_ReadMem: Trying to ReadMemory 0x822360BA[0xA]
20:55:57:162 4708 UnhookRegistry: No splicing found on NtEnumerateKey
20:55:57:167 4708
Scanning Kernel memory ...
20:55:57:168 4708 KLMD_OpenDevice: Trying to open KLMD device
20:55:57:168 4708 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
20:55:57:168 4708 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:55:57:168 4708 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 857ED540
20:55:57:168 4708 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
20:55:57:168 4708 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 858F0AC8
20:55:57:168 4708 KLMD_GetLowerDeviceObject: Trying to get lower device object for 858F0AC8
20:55:57:168 4708 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 850778D8
20:55:57:168 4708 KLMD_GetLowerDeviceObject: Trying to get lower device object for 850778D8
20:55:57:168 4708 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8501A820
20:55:57:168 4708 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8501A820
20:55:57:168 4708 KLMD_ReadMem: Trying to ReadMemory 0x8501A820[0x38]
20:55:57:169 4708 DetectCureTDL3: DRIVER_OBJECT addr: 85055A08
20:55:57:169 4708 KLMD_ReadMem: Trying to ReadMemory 0x85055A08[0xA8]
20:55:57:169 4708 KLMD_ReadMem: Trying to ReadMemory 0x850559B8[0x208]
20:55:57:169 4708 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
20:55:57:169 4708 DetectCureTDL3: IrpHandler (0) addr: 82764140
20:55:57:169 4708 DetectCureTDL3: IrpHandler (1) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (2) addr: 82764140
20:55:57:169 4708 DetectCureTDL3: IrpHandler (3) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (4) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (5) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (6) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (7) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (8) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (9) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (10) addr: 820619D2
20:55:57:169 4708 DetectCureTDL3: IrpHandler (11) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (12) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (13) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (14) addr: 82752A5A
20:55:57:170 4708 DetectCureTDL3: IrpHandler (15) addr: 82752A2C
20:55:57:170 4708 DetectCureTDL3: IrpHandler (16) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (17) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (18) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (19) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (20) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (21) addr: 820619D2
20:55:57:170 4708 DetectCureTDL3: IrpHandler (22) addr: 82752A88
20:55:57:170 4708 DetectCureTDL3: IrpHandler (23) addr: 8275FB70
20:55:57:170 4708 DetectCureTDL3: IrpHandler (24) addr: 820619D2
20:55:57:171 4708 DetectCureTDL3: IrpHandler (25) addr: 820619D2
20:55:57:171 4708 DetectCureTDL3: IrpHandler (26) addr: 820619D2
20:55:57:171 4708 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
20:55:57:171 4708 KLMD_ReadMem: DeviceIoControl error 1
20:55:57:171 4708 TDL3_StartIoHookDetect: Unable to get StartIo handler code
20:55:57:171 4708 TDL3_FileDetect: Processing driver: atapi
20:55:57:171 4708 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys
20:55:57:171 4708 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
20:55:57:171 4708 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
20:55:57:188 4708
Completed

Results:
20:55:57:189 4708 Infected objects in memory: 0
20:55:57:189 4708 Cured objects in memory: 0
20:55:57:190 4708 Infected objects on disk: 0
20:55:57:190 4708 Objects on disk cured on reboot: 0
20:55:57:191 4708 Objects on disk deleted on reboot: 0
20:55:57:191 4708 Registry nodes deleted on reboot: 0
20:55:57:192 4708



#12
December 21, 2009 at 16:30:14
Navigate to C:\Combofix.txt and copy that log and post it please.

Once you do that, uninstall ComboFix.

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix) then press Enter > Run. This will uninstall ComboFix, so give the uninstaller a few minutes to run.



#13
December 21, 2009 at 20:53:39
ComboFix 09-12-10.01 - Owner 15/12/2009 23:12:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.1087 [GMT -5:00]
Running from: c:\users\Owner\Desktop\toolb.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-16 to 2009-12-16 )))))))))))))))))))))))))))))))
.

2009-12-16 04:19 . 2009-12-16 04:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-16 04:19 . 2009-12-16 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-16 03:30 . 2009-12-16 03:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-12-16 03:30 . 2009-12-16 03:30 -------- d-----w- c:\programdata\Malwarebytes
2009-12-13 19:44 . 2009-12-13 19:44 -------- d-----w- c:\users\Owner\advfn
2009-12-12 18:03 . 2009-12-12 18:03 -------- d-----w- c:\program files\DVDFab 6
2009-12-12 05:25 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 05:25 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 05:25 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 15:53 . 2009-12-11 15:53 3963160 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-11 15:53 . 2009-12-11 04:39 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-12-11 15:52 . 2009-12-11 15:52 844056 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-12-11 15:52 . 2009-12-11 15:52 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-12-11 04:40 . 2009-12-11 04:40 -------- d-----w- C:\$AVG
2009-12-11 04:39 . 2009-12-16 03:54 -------- d-----w- c:\programdata\avg9
2009-12-10 02:59 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 00:10 . 2009-12-10 00:10 -------- d-----w- c:\windows\Sun
2009-12-09 04:53 . 2009-12-09 04:53 108032 --sha-r- c:\windows\system32\wusak.dll
2009-12-09 02:31 . 2009-12-11 03:14 -------- d-----w- c:\program files\HQuote
2009-11-29 19:50 . 2009-11-29 19:50 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-11-27 17:30 . 2009-11-27 17:30 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7927.tmp.exe
2009-11-25 05:04 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 01:21 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 01:21 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-18 22:54 . 2009-11-18 22:54 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 04:48 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 04:48 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 04:48 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 04:45 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 04:45 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-18 04:45 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-16 04:09 . 2009-09-17 00:22 5216 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-12 20:49 . 2009-02-28 19:31 -------- d-----w- c:\programdata\DVD Shrink
2009-12-12 18:03 . 2009-06-15 01:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Vso
2009-12-12 17:56 . 2009-10-29 02:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-11 04:31 . 2009-02-07 17:45 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-12-10 16:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 05:15 . 2007-09-10 23:07 -------- d-----w- c:\programdata\Microsoft Help
2009-12-04 22:25 . 2008-03-01 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-29 19:52 . 2008-02-18 21:29 -------- d-----w- c:\program files\Google
2009-11-21 06:40 . 2009-12-10 03:03 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 03:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 03:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 03:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 22:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 22:49 . 2009-11-18 22:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 22:48 . 2009-11-18 22:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 04:27 . 2009-10-29 02:24 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-12 17:52 . 2009-11-10 17:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 17:21 . 2009-11-10 17:17 -------- d-----w- c:\program files\Microsoft
2009-11-10 17:21 . 2009-11-10 17:21 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 17:21 . 2008-02-14 04:25 -------- d-----w- c:\program files\Windows Live
2009-11-10 17:20 . 2009-11-10 17:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 17:18 . 2008-03-12 23:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-03 01:42 . 2009-10-02 17:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 04:49 . 2008-10-18 20:43 -------- d-----w- c:\users\Owner\AppData\Roaming\uTorrent
2009-10-01 01:02 . 2009-11-18 04:47 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 04:47 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 04:47 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 04:47 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 04:47 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 04:47 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 04:47 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 04:47 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 04:47 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 04:47 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 04:47 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 04:47 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 04:47 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 04:47 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 04:47 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 04:47 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-18 04:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 04:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 04:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 04:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 04:47 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 04:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 04:47 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 04:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 04:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 04:47 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 04:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 04:47 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 04:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 04:47 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 04:47 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 04:47 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 04:47 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 04:47 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 04:47 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-18 04:47 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-18 04:47 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 04:47 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 04:47 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 04:47 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 04:47 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 04:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 04:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-11_04.18.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-11 04:39 . 2009-12-11 04:39 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437\vcomp.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80KOR.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80JPN.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ITA.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80FRA.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ESP.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHT.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHS.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfcm80u.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfcm80.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 48128 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 47616 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\wbhstipm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\wbhst_pm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\w3wphost.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\w3tp.dll
+ 2009-12-12 05:25 . 2009-11-09 12:52 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22261_none_75dd5df18aee1840\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 12:31 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18139_none_757c333a71b0ef5b\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:16 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22559_none_7409be458db871e3\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:22 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18359_none_73801f94749ad4f2\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:10 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21157_none_722155479093e45f\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 13:34 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16954_none_7194df7c7778c54e\nshhttp.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\rscaext.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 11:03 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 11:03 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 12:50 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 12:48 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\ahadmin.dll
+ 2009-12-12 05:25 . 2009-11-09 12:48 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\rscaext.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 12:30 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 10:48 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 10:48 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 12:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 12:28 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\ahadmin.dll
+ 2009-12-12 05:25 . 2009-11-09 12:28 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\rscaext.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 13:14 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 11:24 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 11:24 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 13:14 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 13:12 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\ahadmin.dll
+ 2009-12-12 05:25 . 2009-11-09 13:12 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\rscaext.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\ahadmin.dll
+ 2009-12-12 05:25 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:10 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 13:07 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 11:15 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 11:15 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 13:07 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 13:05 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\wamregps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\rsca.dll
+ 2009-12-12 05:25 . 2009-11-09 13:30 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iissyspr.dll
+ 2009-12-12 05:25 . 2009-11-09 11:33 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisrstas.exe
+ 2009-12-12 05:25 . 2009-11-09 11:33 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisreset.exe
+ 2009-12-12 05:25 . 2009-11-09 13:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisreg.dll
+ 2009-12-12 05:25 . 2009-11-09 13:28 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\admwprox.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22261_none_d1da3f343fb867a4\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22261_none_d1da3f343fb867a4\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18139_none_d179147d267b3ebf\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18139_none_d179147d267b3ebf\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22559_none_d0069f884282c147\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 13:14 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22559_none_d0069f884282c147\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18359_none_cf7d00d729652456\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18359_none_cf7d00d729652456\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21157_none_ce1e368a455e33c3\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 13:07 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21157_none_ce1e368a455e33c3\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.16954_none_cd91c0bf2c4314b2\w3dt.dll
+ 2009-12-12 05:25 . 2009-11-09 13:30 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.16954_none_cd91c0bf2c4314b2\hwebcore.dll
+ 2009-12-12 05:25 . 2009-11-09 12:48 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22261_none_22cda0eb126ecb4f\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 12:29 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18139_none_226c7633f931a26a\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:12 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22559_none_20fa013f153924f2\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:18 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18359_none_2070628dfc1b8801\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:06 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21157_none_1f1198411814976e\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:29 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.16954_none_1e852275fef9785d\authsspi.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22261_none_f7dc740cb3bf845a\httpapi.dll
+ 2009-12-12 05:25 . 2009-11-09 12:30 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18139_none_f77b49559a825b75\httpapi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:14 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22559_none_f608d460b689ddfd\httpapi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:20 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18359_none_f57f35af9d6c410c\httpapi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:07 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21157_none_f4206b62b9655079\httpapi.dll
+ 2009-12-12 05:25 . 2009-11-09 13:30 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16954_none_f393f597a04a3168\httpapi.dll
+ 2007-09-03 09:18 . 2009-12-16 04:08 79614 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-16 04:08 78884 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-02-07 02:46 . 2009-12-16 04:08 17732 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2767171297-3690587457-3790619901-1003_UserData.bin
+ 2008-02-07 02:42 . 2009-12-15 17:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-07 02:42 . 2009-12-10 16:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-07 02:42 . 2009-12-10 16:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-07 02:42 . 2009-12-15 17:19 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-07 02:42 . 2009-12-15 17:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-07 02:42 . 2009-12-10 16:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-15 10:33 . 2009-12-05 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-15 10:33 . 2009-12-12 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-15 10:33 . 2009-12-12 17:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 10:33 . 2009-12-05 22:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat



#14
December 21, 2009 at 20:53:55
- 2009-06-15 10:33 . 2009-12-05 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 10:33 . 2009-12-12 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-21 04:13 . 2009-12-12 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-21 04:13 . 2009-12-05 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-21 04:13 . 2009-12-05 21:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-21 04:13 . 2009-12-12 17:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-21 04:13 . 2009-12-12 17:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-21 04:13 . 2009-12-05 21:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-12 05:25 . 2009-11-09 12:53 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisrstap.dll
+ 2009-12-12 05:25 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisrstap.dll
+ 2009-12-12 05:25 . 2009-11-09 13:17 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:14 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisrstap.dll
+ 2009-12-12 05:25 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisrstap.dll
+ 2009-12-12 05:25 . 2009-11-09 13:11 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:07 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisrstap.dll
+ 2009-12-12 05:25 . 2009-11-09 13:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\w3ctrlps.dll
+ 2009-12-12 05:25 . 2009-11-09 13:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisrstap.dll
- 2009-12-10 16:56 . 2009-12-10 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-16 04:04 . 2009-12-16 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-10 16:56 . 2009-12-10 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-16 04:04 . 2009-12-16 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-11 04:39 . 2009-12-11 04:39 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
+ 2009-12-11 04:39 . 2009-12-11 04:39 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:30 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:14 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:20 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:07 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 13:30 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\iisw3adm.dll
+ 2009-12-12 05:25 . 2009-11-09 12:51 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\nativerd.dll
+ 2009-12-12 05:25 . 2009-11-09 12:50 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisutil.dll
+ 2009-12-12 05:25 . 2009-11-09 11:04 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iissetup.exe
+ 2009-12-12 05:25 . 2009-11-09 12:50 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisRtl.dll
+ 2009-12-12 05:25 . 2009-11-09 11:03 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisres.dll
+ 2009-12-12 05:25 . 2009-11-09 12:53 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iismig.dll
+ 2009-12-12 05:25 . 2009-11-09 11:03 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\aspnetca.exe
+ 2009-12-12 05:25 . 2009-11-09 12:48 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\appobj.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2008-07-15 794464]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-29 30192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 22:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 20:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-08 00:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-04-04 08:04 813840 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 17:18 835584 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-30 23:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati External Event Utility"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"comHost"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SymAppCore"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5a,44,14,74,9c,39,ca,01

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [03/04/2007 12:04 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [02/04/2007 18:11 35712]
R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [07/02/2009 12:47 15172]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [15/01/2008 09:28 204800]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [18/02/2008 16:48 118328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/06/2008 14:04 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29/11/2009 14:52 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {0B105630-3B1F-11D1-B443-00A0244D2920} - hxxps://www2.bmf.com.br/download/WebTreeFX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://66.212.0.40/activex/AMC.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://72.9.28.19:4000/user/TSBnwCam.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-15 23:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6132)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
.
Completion time: 2009-12-15 23:23:30
ComboFix-quarantined-files.txt 2009-12-16 04:23
ComboFix2.txt 2009-12-11 04:23

Pre-Run: 34.765.836.288 bytes free
Post-Run: 34.982.023.168 bytes free

- - End Of File - - C549CD94DD407D45C12922D8554C3152



#15
December 21, 2009 at 21:10:22
Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.



#16
December 22, 2009 at 19:57:29
It didn't find any threat....
Every time that I click on any search page link it redirects to this link:
http://newserversearch.com/?q=searc...

Any idea?



#17
December 22, 2009 at 20:44:54
Yes, but confirming it is being a problem right now.

Please go to Virus Total and upload the following file for analysis:

C:\Windows\system32\drivers\atapi.sys

Use the Browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the Browse button, then click "send file". It will state that it has been analyzed, so click the "reanalyze now" button and wait for it to run.

Post the results in your reply.



#18
December 23, 2009 at 16:10:55
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.23 -
AhnLab-V3 5.0.0.2 2009.12.23 -
AntiVir 7.9.1.122 2009.12.23 -
Antiy-AVL 2.0.3.7 2009.12.23 -
Authentium 5.2.0.5 2009.12.23 -
Avast 4.8.1351.0 2009.12.23 -
AVG 8.5.0.430 2009.12.23 -
BitDefender 7.2 2009.12.24 -
CAT-QuickHeal 10.00 2009.12.23 -
ClamAV 0.94.1 2009.12.23 -
Comodo 3346 2009.12.24 -
DrWeb 5.0.1.12222 2009.12.24 -
eSafe 7.0.17.0 2009.12.23 -
eTrust-Vet 35.1.7194 2009.12.23 -
F-Prot 4.5.1.85 2009.12.23 -
F-Secure 9.0.15370.0 2009.12.24 -
Fortinet 4.0.14.0 2009.12.24 -
GData 19 2009.12.24 -
Ikarus T3.1.1.79.0 2009.12.23 -
K7AntiVirus 7.10.926 2009.12.22 -
Kaspersky 7.0.0.125 2009.12.24 -
McAfee 5841 2009.12.23 -
McAfee+Artemis 5841 2009.12.23 -

McAfee-GW-Edition 6.8.5 2009.12.23 Heuristic.BehavesLike.Win32.Rootkit.H *********

Microsoft 1.5302 2009.12.24 -
NOD32 4713 2009.12.23 -
Norman 6.04.03 2009.12.23 -
nProtect 2009.1.8.0 2009.12.23 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.24 -
Prevx 3.0 2009.12.24 -
Rising 22.27.02.02 2009.12.23 -
Sophos 4.49.0 2009.12.23 -
Sunbelt 3.2.1858.2 2009.12.23 -
Symantec 1.4.4.12 2009.12.24 -
TheHacker 6.5.0.3.109 2009.12.23 -
TrendMicro 9.120.0.1004 2009.12.23 -
VBA32 3.12.12.0 2009.12.23 -
ViRobot 2009.12.23.2105 2009.12.23 -
VirusBuster 5.0.21.0 2009.12.23 -
Additional information
File size: 19944 bytes
MD5...: 1f05b78ab91c9075565a9d8a4b880bc4
SHA1..: 218442cd7afecbc8d102c4e31d9ef3528642191b
SHA256: 737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd
ssdeep: 384:zzY0Vgd1RrKzBpWk4UwWFSn8G6FuT+quHpBjbOjBMwzt8:zz/Vgd1gzQUSuB
xkMwzt8

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5005
timedatestamp.....: 0x49e01eed (Sat Apr 11 04:39:09 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19b0 0x1a00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb
.rdata 0x3000 0xae 0x200 1.49 3d541e69f96e97a837841ad289adeac7
.data 0x4000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06
.rsrc 0x6000 0x3f8 0x400 3.38 5c8a106a7c9416fb469c83dfab844abd
.reloc 0x7000 0x8a 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06

( 2 imports )
> ataport.SYS: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> NTOSKRNL.exe: KeTickCount

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ATAPI IDE Miniport Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



#19
December 23, 2009 at 19:30:59
This will be the newest version of ComboFix; run it exactly as suggested.

Remember, your AVG antivirus, Spyware Terminator, and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#20
December 23, 2009 at 20:33:35
ComboFix 09-12-23.02 - Owner 23/12/2009 23:20:16.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.778 [GMT -5:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 04:29 . 2009-12-24 04:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-24 04:29 . 2009-12-24 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-24 04:18 . 2009-12-24 04:18 -------- d-----w- C:\32788R22FWJFW
2009-12-24 04:12 . 2009-12-24 04:12 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-24 04:10 . 2009-12-24 04:13 77351 ----a-w- c:\windows\hpqins05.dat
2009-12-22 05:01 . 2009-12-22 05:15 -------- d-----w- C:\toolb15635t
2009-12-20 03:05 . 2009-12-20 03:05 -------- d-----w- c:\users\Owner\AppData\Local\Yahoo!
2009-12-19 19:37 . 2009-12-19 19:37 -------- d-----w- c:\program files\DVDFab 6
2009-12-19 05:51 . 2009-12-19 05:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-12-19 05:49 . 2009-11-29 19:52 2015216 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report03d58e2c\GoogleDesktopSetup.exe
2009-12-19 04:04 . 2009-12-19 04:05 -------- d-----w- C:\rsit
2009-12-18 04:39 . 2009-12-18 04:41 -------- d-----w- c:\program files\MetaTrader 4
2009-12-17 18:37 . 2009-12-17 18:37 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-12-17 16:47 . 2009-12-17 16:47 -------- d--h--w- c:\users\Owner\AppData\Local\acer eNM
2009-12-17 05:04 . 2009-12-17 05:05 -------- d-----w- c:\program files\WinClamAVShield
2009-12-17 04:03 . 2009-12-17 16:48 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-17 02:38 . 2009-12-17 02:39 -------- d-----w- c:\program files\Crawler
2009-12-17 02:38 . 2009-12-17 02:38 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-12-17 02:38 . 2009-12-17 02:38 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-12-17 02:38 . 2009-12-17 02:38 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-17 02:38 . 2009-12-22 23:47 -------- d-----w- c:\users\Owner\AppData\Roaming\Spyware Terminator
2009-12-17 02:38 . 2009-12-23 13:21 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-17 02:38 . 2009-12-17 02:42 -------- d-----w- c:\program files\Spyware Terminator
2009-12-16 05:42 . 2009-12-16 05:42 -------- d-----w- c:\program files\Trend Micro
2009-12-16 04:11 . 2009-12-16 04:23 -------- d-----w- C:\toolb17270t
2009-12-16 03:30 . 2009-12-16 03:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-12-16 03:30 . 2009-12-16 03:30 -------- d-----w- c:\programdata\Malwarebytes
2009-12-13 19:44 . 2009-12-13 19:44 -------- d-----w- c:\users\Owner\advfn
2009-12-12 05:25 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 05:25 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 05:25 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 15:53 . 2009-12-16 04:53 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-12-11 15:53 . 2009-12-16 04:53 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-11 15:52 . 2009-12-16 04:53 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-12-11 15:52 . 2009-12-16 04:53 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-12-11 04:40 . 2009-12-11 04:40 -------- d-----w- C:\$AVG
2009-12-11 04:39 . 2009-12-19 04:17 -------- d-----w- c:\programdata\avg9
2009-12-11 04:23 . 2009-12-24 04:29 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-12-11 04:08 . 2009-12-11 04:23 -------- d-----w- C:\toolb
2009-12-10 02:59 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 00:10 . 2009-12-10 00:10 -------- d-----w- c:\windows\Sun
2009-12-09 04:53 . 2009-12-09 04:53 108032 --sha-r- c:\windows\system32\wusak.dll
2009-12-09 02:31 . 2009-12-11 03:14 -------- d-----w- c:\program files\HQuote
2009-11-29 19:50 . 2009-11-29 19:50 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-11-27 17:30 . 2009-11-27 17:30 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7927.tmp.exe
2009-11-25 05:04 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 01:21 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 01:21 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 04:14 . 2009-09-02 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\HpUpdate
2009-12-24 04:13 . 2008-08-27 23:48 -------- d-----w- c:\programdata\HP
2009-12-24 02:51 . 2009-02-28 19:31 -------- d-----w- c:\programdata\DVD Shrink
2009-12-23 23:59 . 2009-09-17 00:22 5216 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-22 05:17 . 2009-02-07 17:45 -------- d-----w- c:\program files\HOTALBUMMyBOX
2009-12-19 19:37 . 2009-06-15 01:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Vso
2009-12-17 01:03 . 2009-06-15 03:24 -------- d-----w- c:\programdata\vsosdk
2009-12-12 17:56 . 2009-10-29 02:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-11 04:39 . 2008-05-09 03:27 -------- d-----w- c:\program files\AVG
2009-12-10 16:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 05:15 . 2007-09-10 23:07 -------- d-----w- c:\programdata\Microsoft Help
2009-12-04 22:25 . 2008-03-01 04:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-29 19:52 . 2008-02-18 21:29 -------- d-----w- c:\program files\Google
2009-11-21 06:40 . 2009-12-10 03:03 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 03:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 03:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 03:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 22:54 . 2009-11-18 22:54 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 22:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 22:49 . 2009-11-18 22:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 22:48 . 2009-11-18 22:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 04:27 . 2009-10-29 02:24 -------- d-----w- c:\program files\DVDVideoSoft
2009-11-12 17:52 . 2009-11-10 17:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 17:21 . 2009-11-10 17:17 -------- d-----w- c:\program files\Microsoft
2009-11-10 17:21 . 2009-11-10 17:21 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 17:21 . 2008-02-14 04:25 -------- d-----w- c:\program files\Windows Live
2009-11-10 17:20 . 2009-11-10 17:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 17:18 . 2008-03-12 23:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-03 01:42 . 2009-10-02 17:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 04:49 . 2008-10-18 20:43 -------- d-----w- c:\users\Owner\AppData\Roaming\uTorrent
2009-10-08 21:08 . 2009-11-18 04:45 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 04:45 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 04:45 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-18 04:47 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 04:47 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 04:47 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 04:47 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 04:47 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 04:47 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 04:47 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 04:47 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 04:47 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 04:47 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 04:47 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 04:47 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 04:47 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 04:47 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 04:47 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 04:47 33280 ----a-w- c:\windows\system32\WpdConns.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-17 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-04-21 270336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2008-07-15 794464]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-29 30192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-17 2166784]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-10 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-05-22 22:49 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 20:09 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-08 00:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-04-04 08:04 813840 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 17:18 835584 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-30 23:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati External Event Utility"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"comHost"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SymAppCore"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5a,44,14,74,9c,39,ca,01

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [03/04/2007 12:04 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [02/04/2007 18:11 35712]
R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [07/02/2009 12:47 15172]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [16/12/2009 21:38 142592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [15/01/2008 09:28 204800]
S2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [18/02/2008 16:48 118328]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/06/2008 14:04 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29/11/2009 14:52 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {0B105630-3B1F-11D1-B443-00A0244D2920} - hxxps://www2.bmf.com.br/download/WebTreeFX.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://66.212.0.40/activex/AMC.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://72.9.28.19:4000/user/TSBnwCam.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 23:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5200)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Scpad\scpLIB.dll
c:\program files\Scpad\scpMIB.dll
c:\program files\Scpad\sshib.dll
.
Completion time: 2009-12-23 23:33:26
ComboFix-quarantined-files.txt 2009-12-24 04:33
ComboFix2.txt 2009-12-22 05:15

Pre-Run: 24.109.662.208 bytes free
Post-Run: 23.800.651.776 bytes free

- - End Of File - - 08295AF43177C2634975E7919D7FA4D3



#21
December 24, 2009 at 10:09:14
Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that Notepad file.
Post the contents of that Notepad document in your next reply.



#22
December 24, 2009 at 14:59:46
OTL logfile created on: 24/12/2009 17:52:14 - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 22,22 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,55 Gb Free Space | 38,12% Space Free | Partition Type: NTFS
Drive E: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/24 17:51:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/12/23 23:44:36 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/12/16 21:38:44 | 03,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2009/12/16 21:38:44 | 00,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/12/16 21:38:43 | 02,166,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/11/29 14:52:40 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/11/27 12:30:38 | 00,285,296 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/03 04:44:41 | 00,345,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/09 04:19:11 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2009/02/02 21:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/06/02 02:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/15 09:28:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 15:02:04 | 00,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/08/29 12:35:38 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/08/17 16:27:00 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/12 01:58:08 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/07/24 14:21:26 | 00,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/06/28 21:50:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 19:56:18 | 00,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/06/13 19:54:36 | 00,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 14:23:54 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/05/10 12:18:26 | 00,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2007/04/25 19:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 19:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/23 12:53:48 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/04/21 08:37:02 | 00,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2007/04/03 01:07:38 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2006/11/24 15:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/10/23 14:00:36 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/24 17:51:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 21:38:44 | 00,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/11/29 14:52:40 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/24 20:48:46 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 21:25:50 | 00,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/15 09:28:20 | 00,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/10 18:28:18 | 00,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/08/12 01:58:08 | 00,610,304 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/06/28 21:50:52 | 00,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 19:54:36 | 00,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 14:23:54 | 00,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/25 19:34:30 | 00,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 12:53:48 | 00,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/04/03 01:07:38 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/02/12 18:43:44 | 00,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/17 13:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/12/18 13:02:32 | 00,118,328 | ---- | M] (Scopus Tecnologia Ltda) [Auto | Stopped] -- C:\Program Files\Scpad\scpVista.exe -- (scpVista)
SRV - [2006/11/24 15:57:54 | 00,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 04:46:05 | 00,017,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\irmon.dll -- (Irmon)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 21:38:44 | 00,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/18 18:48:04 | 00,042,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/14 20:23:49 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/04/10 23:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2009/02/07 12:47:55 | 00,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/03/13 14:44:42 | 10,423,936 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008/01/19 01:14:10 | 00,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/19 00:55:24 | 00,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/09/10 17:53:23 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/08/22 21:44:18 | 01,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/12 02:10:00 | 02,930,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 13:05:20 | 00,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/25 19:34:44 | 00,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/04/25 19:34:40 | 00,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/04/25 19:34:38 | 00,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/04/17 13:12:00 | 00,240,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/04/03 12:04:28 | 00,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 18:11:08 | 00,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/09 17:56:04 | 01,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/12/19 15:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/12/19 15:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/03 00:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 19:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:52 | 00,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/23 14:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2004/09/01 09:09:46 | 00,041,940 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/08/27 13:47:02 | 00,020,092 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={s...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/06/12 21:21:20 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/06/12 21:21:20 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\XulPlayer

O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Barra de Ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)


#23
December 24, 2009 at 15:00:08
O3 - HKCU\..\Toolbar\WebBrowser: (Barra de Ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe (PLANNING Co., Ltd.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0B105630-3B1F-11D1-B443-00A0244D2920} https://www2.bmf.com.br/download/WebTreeFX.cab (WebTreeCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eo... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge... (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/act... (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/g... (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://66.212.0.40/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} http://72.9.28.19:4000/user/TSBnwCa... (TSBnwCam Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/22 19:26:43 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/24 17:51:01 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/12/23 23:32:09 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/23 23:19:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/23 23:19:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/23 23:19:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/23 23:19:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/23 23:18:50 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/12/23 23:18:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/23 23:18:16 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/23 23:12:54 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/12/23 23:11:05 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/12/22 00:01:29 | 00,000,000 | ---D | C] -- C:\toolb15635t
[2009/12/19 22:05:40 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Yahoo!
[2009/12/19 14:37:11 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2009/12/19 00:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/18 23:04:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/17 23:39:13 | 00,000,000 | ---D | C] -- C:\Program Files\MetaTrader 4
[2009/12/17 13:37:41 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2009/12/17 11:47:03 | 00,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\acer eNM
[2009/12/17 00:04:24 | 00,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2009/12/16 23:03:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/12/16 21:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\Crawler
[2009/12/16 21:38:39 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Spyware Terminator
[2009/12/16 21:38:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/12/16 21:38:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/12/16 00:42:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/15 23:11:14 | 00,000,000 | ---D | C] -- C:\toolb17270t
[2009/12/15 22:30:47 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2009/12/15 22:30:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/13 14:44:30 | 00,000,000 | ---D | C] -- C:\Users\Owner\advfn
[2009/12/12 00:25:27 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/12 00:25:26 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/10 23:40:33 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/12/10 23:39:45 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/12/10 23:23:53 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2009/12/10 23:08:01 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/10 23:08:00 | 00,000,000 | ---D | C] -- C:\toolb
[2009/12/09 22:03:07 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 22:03:07 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 22:03:07 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 22:03:07 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 22:03:06 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 22:03:06 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 22:03:06 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 22:03:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 22:03:06 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 22:03:06 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 22:03:06 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 22:03:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/09 22:03:05 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 22:03:05 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 21:59:59 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/09 19:10:45 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/08 21:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\HQuote
[2009/11/29 14:53:32 | 00,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Google Gadgets
[2009/11/29 14:50:09 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/11/25 00:04:08 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/24 20:20:58 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/06/14 20:23:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[2008/08/31 21:59:50 | 00,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2008/08/31 21:59:50 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2008/08/31 21:59:50 | 00,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/24 17:52:06 | 03,145,728 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2009/12/24 17:51:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2009/12/24 17:28:28 | 00,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/24 17:28:28 | 00,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/24 07:28:36 | 00,000,306 | -HS- | M] () -- C:\Windows\tasks\CAHQTXIZA.job
[2009/12/24 07:28:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/24 07:28:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/24 07:28:21 | 18,770,65728 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/24 01:26:22 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/24 01:26:22 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/23 23:44:22 | 00,373,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/23 23:41:25 | 03,635,027 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2009/12/23 23:38:38 | 00,100,248 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/23 23:29:22 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/23 23:16:16 | 03,863,899 | R--- | M] () -- C:\Users\Owner\Desktop\Combo-Fix.exe
[2009/12/23 23:13:57 | 00,077,351 | ---- | M] () -- C:\Windows\hpqins05.dat
[2009/12/23 23:12:07 | 00,001,180 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/12/23 22:10:59 | 00,079,872 | ---- | M] () -- C:\Users\Owner\Documents\IbovAtivos2212.xlsx
[2009/12/23 21:51:47 | 00,049,664 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 18:58:02 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E21D5D1B-1532-4149-B277-8B25C0FD67D3}.job
[2009/12/21 23:10:06 | 00,080,896 | ---- | M] () -- C:\Users\Owner\Documents\IbovAtivos.xlsx
[2009/12/19 17:38:58 | 00,029,696 | ---- | M] () -- C:\Users\Owner\Desktop\Din-Din.xlsx
[2009/12/19 14:37:33 | 00,000,744 | ---- | M] () -- C:\Users\Owner\Desktop\DVDFab 6.lnk
[2009/12/19 00:51:24 | 00,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/16 21:41:46 | 00,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/16 21:38:44 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/15 12:13:31 | 14,882,9915 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/12 12:56:00 | 00,001,036 | ---- | M] () -- C:\Users\Owner\Desktop\DVDVideoSoft Free Studio.lnk
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/08 23:53:42 | 00,108,032 | RHS- | M] () -- C:\Windows\System32\wusak.dll
[2009/12/07 22:09:20 | 00,011,165 | ---- | M] () -- C:\Users\Owner\Documents\SGPS3.docx
[2009/12/04 17:25:31 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/12/04 17:24:36 | 00,000,292 | ---- | M] () -- C:\Windows\winros.ini
[2009/11/29 14:53:36 | 00,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2009/11/26 12:20:36 | 00,017,408 | ---- | M] () -- C:\Users\Owner\Desktop\Telefones.xlsx
[2009/11/26 12:19:40 | 00,012,823 | ---- | M] () -- C:\Users\Owner\Documents\Backup de Telefones.xlk
[2009/11/26 11:19:12 | 00,000,919 | ---- | M] () -- C:\Users\Owner\Desktop\VoipRaider.lnk
[2009/11/24 20:29:02 | 00,510,294 | ---- | M] () -- C:\Users\Owner\Documents\Management Thyroid Nodules US.pdf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/23 23:19:00 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/23 23:19:00 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/23 23:19:00 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/23 23:19:00 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/23 23:19:00 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/23 23:16:00 | 03,863,899 | R--- | C] () -- C:\Users\Owner\Desktop\Combo-Fix.exe
[2009/12/23 23:12:07 | 00,001,180 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/12/23 23:10:49 | 00,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/12/22 18:52:47 | 00,079,872 | ---- | C] () -- C:\Users\Owner\Documents\IbovAtivos2212.xlsx
[2009/12/19 14:37:33 | 00,000,744 | ---- | C] () -- C:\Users\Owner\Desktop\DVDFab 6.lnk
[2009/12/19 00:51:24 | 00,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2009/12/16 21:41:46 | 00,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2009/12/16 21:38:44 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/08 23:53:42 | 00,108,032 | RHS- | C] () -- C:\Windows\System32\wusak.dll
[2009/12/08 23:53:42 | 00,000,306 | -HS- | C] () -- C:\Windows\tasks\CAHQTXIZA.job
[2009/12/08 20:19:41 | 00,000,575 | ---- | C] () -- C:\Users\Owner\IbovAt.lnk
[2009/12/04 17:25:31 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/29 14:53:36 | 00,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2009/11/26 12:16:51 | 00,017,408 | ---- | C] () -- C:\Users\Owner\Desktop\Telefones.xlsx
[2009/11/26 12:16:51 | 00,012,823 | ---- | C] () -- C:\Users\Owner\Documents\Backup de Telefones.xlk
[2009/11/24 20:29:02 | 00,510,294 | ---- | C] () -- C:\Users\Owner\Documents\Management Thyroid Nodules US.pdf
[2009/09/19 21:15:19 | 00,164,864 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2009/09/19 21:15:19 | 00,148,480 | ---- | C] () -- C:\Windows\System32\dbcapi.dll
[2009/09/19 21:15:19 | 00,017,920 | ---- | C] () -- C:\Windows\System32\MSWTHK32.DLL
[2009/09/19 21:15:19 | 00,003,360 | ---- | C] () -- C:\Windows\System32\MSWTHK16.DLL
[2009/09/19 21:15:18 | 00,158,720 | ---- | C] () -- C:\Windows\System32\LFCMP61N.DLL
[2009/09/19 21:15:18 | 00,110,080 | ---- | C] () -- C:\Windows\System32\Lfpng61n.dll
[2009/09/19 21:15:18 | 00,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL61N.DLL
[2009/09/19 21:15:18 | 00,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2009/09/17 11:19:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/14 20:25:48 | 00,000,671 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2009/06/14 20:25:27 | 00,000,034 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.log
[2009/06/14 20:23:49 | 00,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2009/06/14 20:23:49 | 00,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2009/05/21 12:51:44 | 00,000,292 | ---- | C] () -- C:\Windows\winros.ini
[2009/05/21 12:51:44 | 00,000,068 | ---- | C] () -- C:\Windows\winsig.ini
[2009/03/31 22:40:32 | 00,030,920 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/01/24 22:49:30 | 00,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/08/31 21:59:51 | 00,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2008/08/31 21:59:50 | 00,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2008/08/27 18:49:21 | 00,010,621 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/16 16:26:20 | 00,059,904 | ---- | C] () -- C:\Windows\ShareBarData.dll
[2008/03/12 18:25:48 | 00,000,000 | ---- | C] () -- C:\Windows\regset.INI
[2008/03/12 18:20:12 | 00,049,664 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 22:24:31 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2007/12/28 20:31:00 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/12/28 20:01:21 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/12/28 20:01:21 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/09/10 20:24:16 | 00,743,424 | R--- | C] () -- C:\Windows\libxml2.dll
[2007/09/10 20:22:01 | 00,872,448 | R--- | C] () -- C:\Windows\iconv.dll
[2007/09/03 04:18:00 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/09/03 03:18:13 | 00,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2007/04/25 19:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 19:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 18:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/09/03 03:49:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/09/03 03:49:11 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/09/03 03:49:10 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/16 07:09:59 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/16 07:09:59 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/16 07:09:58 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >
[2007/06/13 19:53:50 | 00,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Acer\Empowering Technology\eNet\eNetHook.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2008/06/20 19:26:08 | 00,028,160 | ---- | M] ()(C:\Users\Owner\Documents\FABPROCURA?O Rubens.doc) -- C:\Users\Owner\Documents\FABPROCURA플O Rubens.doc
[2008/06/20 19:12:12 | 00,028,160 | ---- | C] ()(C:\Users\Owner\Documents\FABPROCURA?O Rubens.doc) -- C:\Users\Owner\Documents\FABPROCURA플O Rubens.doc
< End of report >


#24
December 24, 2009 at 15:10:12
OTL Extras logfile created on: 24/12/2009 17:52:14 - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 22,22 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 26,55 Gb Free Space | 38,12% Space Free | Partition Type: NTFS
Drive E: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CE7A38-BE5B-4A63-86B0-A66F86957D1F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B80DAE4-74F2-4206-9D54-D3A4B18EB978}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0F83B886-D3BD-4B7D-B385-F7B4747E96AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{13654AF8-3B6D-48FE-B076-BF110F763B17}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B45BCED-0579-4195-899E-DFA9F6DE2078}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C5AD1C8-E190-449B-8FCC-DE68AF036B74}" = rport=139 | protocol=6 | dir=out | app=system |
"{1FE90963-5842-471F-98CC-6B59AD76916D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21148E3C-59F7-42B1-B50D-0A1022BB61A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{30AEA1C8-AC83-4836-9E00-95B5027C7473}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46AE7368-B674-4204-B684-36F55A52EB27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48880AAA-A0AE-4EB8-99D9-D2E89583CE71}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{50946570-0953-4C01-9F25-64FF7CA8812D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{52C06FFF-F83B-49A4-9868-EA6386684280}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5AF37D4C-FCC8-4EF7-A0B6-B04D92A215E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5CA521C0-5D73-421E-9C96-D486D9F8DFB9}" = lport=138 | protocol=17 | dir=in | app=system |
"{6100BDB2-2219-4D4A-B9B8-8A2ADB61B2BC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{68A5ACE8-88EC-4C9D-BB5D-2228EE2AF755}" = rport=137 | protocol=17 | dir=out | app=system |
"{6C22672B-22CA-46AD-9AFF-EE87A51BADD6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7178124E-1054-4144-9002-0A9D8D3893B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8C8D9F58-D07D-40C0-983C-48C50D1ABC07}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B6ABF353-0F4C-4128-AF19-269EB024E696}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D50E1521-A071-4756-9E3A-F0E7C7968803}" = lport=445 | protocol=6 | dir=in | app=system |
"{E11AE3B2-9CEE-4575-95B7-B82A1AEBC21E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E48EBD81-590A-4B02-B634-DF6FAB1F9B1A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F19BCF3C-E0AC-4423-8B07-27CCC56910E5}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045635E4-4BF6-405F-83FB-11F49E06DB4D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{1835B56B-FDE2-42CE-BD52-DF87D8D07AFB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{270BA21F-8B0C-4212-B283-FB18D0B46E59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{299B0925-E5AB-45F7-B596-638B6F588CEF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2C281269-45F1-4D35-A850-AA5672BD13B2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2E35C545-5641-4161-A4B2-77A771EFE356}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{30378F49-B6F3-4413-B7AD-BED95A2DBE09}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{363C925B-9F22-40E1-9B7C-A45230F04663}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{49126D3F-3505-4838-87FC-811837E44821}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{573033BE-294F-432C-82B3-7B91C653EDE3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6601FFF3-7B72-48CB-AA1E-360DD60F45CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D615DBF-589D-447B-B526-5FF29490F965}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7E012C23-B1B7-4F66-BE58-D403D7EA03E2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{836CF41C-1B68-47A3-B035-8E5AACD73B8C}" = protocol=17 | dir=in | app=c:\program files\voipraider.com\voipraider\voipraider.exe |
"{83757B8F-F4B4-495E-806B-C2DF341AFD9D}" = protocol=6 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"{877E1699-3CDB-4C3F-8CE0-7868C559D3A8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8AAE8581-E6CA-4AE4-941E-881043F32B0B}" = protocol=17 | dir=in | app=c:\program files\voipbuster.com\voipbuster\voipbuster.exe |
"{A2FD5D6F-7AAC-444E-823D-311BA9217530}" = protocol=6 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"{AE324802-776A-4D59-B8DF-2F0FACE2400B}" = protocol=6 | dir=in | app=c:\program files\voipraider.com\voipraider\voipraider.exe |
"{AFE4BCF8-8167-497A-B438-6D3DCF3ED4CB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BFCF7038-CB76-49FD-9989-07481B6FE80F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D654913F-CA63-4593-9107-A5DA33EAEA7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D65917DF-118A-4897-84A8-761783C95B17}" = protocol=17 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"{D81A0B4D-C3A8-4C35-BD68-5CA167C1BDA4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D98C36F6-A491-4093-A97F-F1F9A0ACD55E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA545E4E-884E-4182-A8B9-6DE477E019EC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB537CED-F009-4D5B-B916-A3FD3A8F8E15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F05DEA73-1E2F-4755-A892-42DBE70D0C50}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F887B376-A893-48ED-B508-9254F6691082}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FEE8B071-443D-4534-A3B4-A39F3C98C80C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{3207649C-99C1-4343-8FB9-DD71DFD6EA7B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{3B450A99-B260-4F68-A6E6-9EE1F82A2803}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3DF169B1-868B-4411-8F39-00453A77F3D8}C:\program files\tradezone\tzmetasolution\winros.exe" = protocol=6 | dir=in | app=c:\program files\tradezone\tzmetasolution\winros.exe |
"TCP Query User{48CD6DB9-9751-4EC2-A46E-D6314861E89D}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{5C465411-A1AA-4843-B433-86AA78EE8446}C:\program files\tradezone\tzmetasolution\winros.exe" = protocol=6 | dir=in | app=c:\program files\tradezone\tzmetasolution\winros.exe |
"TCP Query User{71834410-936B-45D8-A39E-B32F2BFC3CB9}C:\program files\voipraider.com\voipraider\voipraider.exe" = protocol=6 | dir=in | app=c:\program files\voipraider.com\voipraider\voipraider.exe |
"TCP Query User{E08212EA-39EA-4271-9A61-D42B413BFE5A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{ECB28FA8-76FE-4D8C-97A2-18C584CACC3B}C:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe" = protocol=6 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"TCP Query User{FC842A36-4E70-4FFE-8682-9145D5679C05}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{FE4DD646-CFA3-485F-B96A-CED294014F5B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0551373C-BAAC-419B-A42D-D5B9A2D43DD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1B80133F-6ADD-426F-9D5E-F249DCDC4EBF}C:\program files\tradezone\tzmetasolution\winros.exe" = protocol=17 | dir=in | app=c:\program files\tradezone\tzmetasolution\winros.exe |
"UDP Query User{1DB32204-7252-43E5-87F6-2A4ED28F4461}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{31E2751C-4C30-43C1-B46F-DCC8099E4E17}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{3B595723-0408-4640-8614-4905ACAAACCA}C:\program files\voipraider.com\voipraider\voipraider.exe" = protocol=17 | dir=in | app=c:\program files\voipraider.com\voipraider\voipraider.exe |
"UDP Query User{8DA53005-DCBE-4667-8A4E-1330FC681F73}C:\program files\tradezone\tzmetasolution\winros.exe" = protocol=17 | dir=in | app=c:\program files\tradezone\tzmetasolution\winros.exe |
"UDP Query User{99296E54-AAA2-406C-A5B9-1B22F460A65A}C:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe" = protocol=17 | dir=in | app=c:\program files\voipbusterpro.com\voipbusterpro\voipbusterpro.exe |
"UDP Query User{9D467B31-E28E-49C6-822D-ABC10334382B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{D304A694-B8EA-48C5-82B4-3ED406DEF892}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{DCDA19EA-C3CA-46C9-8FDC-DAEE7F1BBB50}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0305EF07-5A9A-B463-C519-25832A9E4CE8}" = Catalyst Control Center Localization Hungarian
"{0AC776EB-198A-84CD-3FFE-CA2D32526933}" = Catalyst Control Center Core Implementation
"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10DB7DD8-E13F-B111-7914-29ADE3365CD9}" = Catalyst Control Center Localization Chinese Standard
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1459A7B4-4B95-A81C-7269-9A1B607C7936}" = Catalyst Control Center Graphics Light
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F4B92EA-2471-E141-0D61-94A5DAEABE0F}" = Catalyst Control Center Localization French
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245CE5BE-2F5F-93F2-4A23-89F79ED8983E}" = Catalyst Control Center Localization Chinese Traditional
"{24F3CA05-14C6-4D1D-BED8-6E4F61EF1B0E}" = Windows Live Movie Maker
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39E07413-443B-1FF9-C043-809E0490C338}" = Catalyst Control Center Localization Polish
"{3A4001E5-AC32-2A32-DFA6-EF60D1337B74}" = Catalyst Control Center Localization Danish
"{3AE3393D-9098-231E-539C-EDD53CD26903}" = ccc-utility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{44105DBC-2DAA-E4B9-4DE1-0E21D071B961}" = ccc-core-static
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C6DCACE-F97A-726A-8A35-11F777ED55E0}" = Catalyst Control Center Localization Italian
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5E205568-85BA-816F-A312-4AB67FCCA457}" = Catalyst Control Center Localization Dutch
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6E0A60AB-3495-05BC-2504-ADBB49725A52}" = Catalyst Control Center Localization Thai
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7004AFD8-DC8E-E620-D663-34BE9FD3EEB8}" = Catalyst Control Center Localization Japanese
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7599B516-83D2-4B41-8DC0-25FA4ADC112F}" = HOT ALBUM MYBOX
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.4.158
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9117B25F-DBD4-CA4F-AABE-027A258803C7}" = Catalyst Control Center Localization Finnish
"{92E59B06-D9A5-4292-05A7-681A8CECB59B}" = Catalyst Control Center Localization Swedish
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer
"{96734FC2-EAAB-531A-64EE-966F3A46462D}" = Catalyst Control Center Localization Greek
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync
"{9E8CB3AC-7E96-00D3-8D65-CC392C25E083}" = Catalyst Control Center Localization Portuguese
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1CF1BF3-757F-8148-3C12-6311DF91A1BD}" = Catalyst Control Center Localization Korean
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A267DEE4-2CD3-50D6-BDA8-A56E6BF123FB}" = ATI Catalyst Install Manager
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1F94B88-6F78-DCD7-F993-877393C4B39C}" = Catalyst Control Center Localization Spanish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC9A0FCA-41BE-0F9F-243C-6C3F02F4ECE5}" = Catalyst Control Center Localization Norwegian
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C0E96ECB-8A28-363F-B877-674C4696A49B}" = Catalyst Control Center Localization Russian
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3B3BB74-B49D-4B15-A5D4-863426EB96E0}" = Catalyst Control Center - Branding
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6F889A1-42CB-F4EE-6C99-CE13F4A409A6}" = Catalyst Control Center Localization Czech
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D82B5F-B67F-40F8-B4D1-B0415AB2DD86}" = LG Mobile Agent
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EA2EA2CA-5490-1ECA-84DA-0B6C2611449E}" = Catalyst Control Center Localization German
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EED3A9A4-E42E-7920-5C02-1348D595DE9C}" = Catalyst Control Center Localization Turkish
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free Studio_is1" = Free Studio version 4.2
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HQuote" = HQuote
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{7599B516-83D2-4B41-8DC0-25FA4ADC112F}" = HOT ALBUM MYBOX
"LManager" = Launch Manager
"MetaStock Professional 9.0" = MetaStock Professional 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TZMetaSolution" = TZMetaSolution 3.0.0.76
"Uninstall_is1" = Uninstall 1.0.0.1
"VoipRaider_is1" = VoipRaider
"Windows Mobile Device Handbook" = Palm® Support Center
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#25
December 26, 2009 at 08:57:14
I am still having problems ..... Any idea?

Thanks



#26
December 26, 2009 at 11:34:06
Hello Donn ml, I have been away for Christmas.

Finally a clue, maybe, in the last scan you ran.

We will need to disable Spyware Terminator real-time protection until we get you clean. Go to this link for directions to disable it:

Disable Realtime Protection S/T

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.


1. Go to search
2. Type in cmd
3. Do NOT hit ENTER. Instead hit CTRL+SHIFT+ENTER.
4. Copy/paste the following line at the c:\ prompt:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

Post the log it produces.



#27
December 26, 2009 at 11:51:07
Hi jabuck,

I think that I finally removed the spyware using Avenger and then scanning with Malwarebytes.
I think that you would be interested in the infected file:

.........\system32\wusak.dll

Thanks for your help and attention



#28
December 26, 2009 at 12:58:47
Did that stop the redirects?


#29
December 26, 2009 at 18:19:25
So far, so good........


#30
December 26, 2009 at 18:29:39
Thanks for the info.

If you have not done this clean up you should.

A little clean-up to do.

Delete RSIT, Win32kDiag, GMER, and TDSSKiller from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



#31
December 26, 2009 at 18:31:19
Hi Donn_ml,

I am having the same issue and tried so many things but no luck. Would you like to share what you did in detail so that I can try as well? Thanks in advance.

-VD



#32
December 27, 2009 at 20:56:53
Go to the site myantispyware,
and search:

How to remove gxvxcserv.sys trojan (google redirect virus)

It worked for me,
Good luck

