Jump to content

bfvmg

Anti-Spyware Brigade
  • Content Count

    579
  • Joined

  • Last visited

About bfvmg

  • Rank
    Advanced Member

Contact Methods

  • AIM
    bfvmg1996
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    the Colorado Rockies
  • Interests
    Every freakin thing, seems like these days

Previous Fields

  • System Specifications:
    Which one? I am currently running 6 and building more!
  • Teams:
    PC Builders Club
  1. I have a good friend that is a professional photographer and uses those micro-Sd and SD cards in her cameras. She uses a USB adapter, and they are constantly breaking on her. like 4-5 a year she goes thru. SD are great, but when you have to remove, re-insert, so much they can start to break easy. Good workaround is to use the cable from camera to PC and transfer that way.
  2. I just built a FreeNAS server in an old desktop for $531.58 including shipping. It has 6TB of storage, Does my iTunes streaming, S-FTP, and back ups all 6 of my computers. this one replaced the one I had with only 1TB of storgage and I filled it up. Music and movies/TV Shows about filled 1TB. There is a reason that storage is gettign bigger and cheaper....because it so NEEDED. I highly recomend FreeNAS for backing up, easy to add more storage, and has a lot of uses.
  3. Hey Jon Tom. Thanks for your help. I had a seperate issue today with my PS, and I think while i get a new PS, I am going to go ahead and upgrade to an SSD. I have a good license for Win 7, so I will use that instead of Win XP. This hard drive under discussion I think I am going to format it now, and either use it as a data drive, or put it into an external enclosure and use it for an external drive or something. Please close this thread. Again, thanks for you help
  4. Hi Everyone, I am not sure what happened, but my hotmail was emailing virus's to all my contacts. Account was shutdown. I removed my hard drive to an external enclosure, and ran AVG 2012 on it, and found one trojan. I also ran SFC on it. Reinstalled harddrive, Now I see some tool bars that were installed, as well as search assistant and mywebsearch. I tried to remove them with no success... Here is my HJT log; Thanks in advance: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:55:47 PM, on 1/21/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab O16 - DPF: {302124C4-30A0-484A-9C7A-B51D5BA5306B} - http://www.vdhlive.com/ChilkatFtp2.cab O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270914336363 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4396C620-ACCD-11DC-AA5D-0002A5D5C51B} - http://www.vctvision.com/cabs/V7/7.0.0.13/vctal2.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Google Update Service (gupdate1ca138af9e8757a) (gupdate1ca138af9e8757a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8609 bytes
  5. Dakeyras, Computer is running great. No problems installing Java 6 update 21. Kaspersky Report: KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, October 10, 2010 Operating system: Microsoft Professional (build 7600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, October 10, 2010 19:25:08 Records in database: 4203759 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 98918 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 02:11:17 No threats found. Scanned area is clean. Selected area has been scanned.
  6. Hi Dakeyras, Sorry this tool so long. Life, as always, intruded and foiled my plans! Anyway, Computer seems to be running very good. I had no problems complying with your instructions. OTM Log: All processes killed ========== PROCESSES ========== ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully. Registry key HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. Registry key HKEY_CLASSES_ROOT\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 75 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: User ->Temp folder emptied: 16744475 bytes ->Temporary Internet Files folder emptied: 297771622 bytes ->Java cache emptied: 7684881 bytes ->Apple Safari cache emptied: 12441600 bytes ->Flash cache emptied: 105601 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1248189 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 320.00 mb OTM by OldTimer - Version 3.1.16.1 log created on 10092010_154229 Files moved on Reboot... C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0E3Q9SEY\index[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... MBAM Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4786 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/9/2010 3:55:15 PM mbam-log-2010-10-09 (15-55-15).txt Scan type: Quick scan Objects scanned: 137848 Time elapsed: 6 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) RSIT Log: Logfile of random's system information tool 1.08 (written by random/random) Run by User at 2010-10-09 15:56:00 Microsoft Windows 7 Ultimate System drive C: has 102 GB (34%) free of 305 GB Total RAM: 3001 MB (72% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:56:04 PM, on 10/9/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\RtHDVCpl.exe C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\User\Desktop\RSIT.exe C:\Program Files\trend micro\User.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1209&m=aspire_5735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 5082 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GlaryInitialize.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-23 1619296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896] "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-10-04 2067808] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-07-28 228864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticetext"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-10-09 15:42:29 ----D---- C:\_OTM 2010-10-04 20:53:58 ----D---- C:\rsit 2010-10-03 13:33:52 ----D---- C:\Program Files\Trend Micro 2010-10-03 11:01:40 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes 2010-10-03 11:01:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-03 11:01:20 ----D---- C:\ProgramData\Malwarebytes 2010-10-03 11:01:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-03 11:01:20 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-09-28 20:51:24 ----D---- C:\Program Files\iPod 2010-09-28 20:49:54 ----D---- C:\Program Files\Bonjour 2010-09-28 15:12:06 ----A---- C:\Windows\system32\tzres.dll 2010-09-20 19:40:36 ----A---- C:\Windows\system32\ntdll.dll 2010-09-20 19:40:34 ----A---- C:\Windows\system32\msdri.dll 2010-09-20 19:40:34 ----A---- C:\Windows\system32\CPFilters.dll 2010-09-18 19:02:42 ----D---- C:\Program Files\QuickTime 2010-09-16 03:03:05 ----D---- C:\Windows\PCHEALTH 2010-09-16 03:01:21 ----D---- C:\2338f69e371338437a27c791 2010-09-16 03:01:12 ----A---- C:\Windows\system32\iertutil.dll 2010-09-15 22:53:56 ----A---- C:\Windows\system32\spoolsv.exe ======List of files/folders modified in the last 1 months====== 2010-10-09 15:54:56 ----D---- C:\Windows\Prefetch 2010-10-09 15:49:14 ----D---- C:\Windows\System32 2010-10-09 15:49:14 ----D---- C:\Windows\inf 2010-10-09 15:49:14 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-10-09 15:47:40 ----D---- C:\Windows\system32\config 2010-10-09 15:45:33 ----D---- C:\Windows\Temp 2010-10-09 15:44:52 ----RD---- C:\Program Files 2010-10-09 15:44:52 ----HD---- C:\ProgramData 2010-10-09 15:44:52 ----D---- C:\Windows\Downloaded Program Files 2010-10-09 15:38:32 ----SHD---- C:\Windows\Installer 2010-10-09 15:38:32 ----D---- C:\Program Files\Common Files 2010-10-09 15:37:45 ----SHD---- C:\System Volume Information 2010-10-09 09:51:01 ----D---- C:\Windows\system32\drivers\Avg 2010-10-08 20:06:38 ----D---- C:\Windows 2010-10-08 03:05:06 ----D---- C:\Windows\Microsoft.NET 2010-10-08 03:05:01 ----RSD---- C:\Windows\assembly 2010-10-08 03:00:54 ----D---- C:\Windows\winsxs 2010-10-07 20:15:56 ----D---- C:\Windows\system32\catroot 2010-10-07 20:15:55 ----D---- C:\Windows\system32\catroot2 2010-10-03 11:01:21 ----D---- C:\Windows\system32\drivers 2010-10-03 08:59:48 ----D---- C:\Windows\system32\RTCOM 2010-10-03 08:57:53 ----D---- C:\Windows\Minidump 2010-09-29 11:34:26 ----D---- C:\Windows\rescache 2010-09-29 03:00:55 ----D---- C:\Windows\system32\en-US 2010-09-28 20:55:11 ----D---- C:\Program Files\Steam 2010-09-28 20:54:37 ----D---- C:\Program Files\Common Files\Steam 2010-09-28 20:51:54 ----D---- C:\Program Files\iTunes 2010-09-28 20:51:24 ----D---- C:\Program Files\Common Files\Apple 2010-09-21 22:53:18 ----D---- C:\Windows\Logs 2010-09-20 19:42:30 ----D---- C:\Windows\AppPatch 2010-09-20 19:42:19 ----D---- C:\Windows\ehome 2010-09-20 19:41:37 ----D---- C:\Windows\system32\DriverStore 2010-09-16 03:03:10 ----D---- C:\ProgramData\Microsoft Help 2010-09-16 03:01:23 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2008-08-18 40464] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584] R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-07-28 9023488] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-11 61440] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304] S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672] R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-20 921952] R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-09-26 411432] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400] -----------------EOF-----------------
  7. Here is the RSIT Info: ======Uninstall list====== Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001} Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D} Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643} Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Everio MediaBrowser-->"C:\Program Files\InstallShield Installation Information\{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}\setup.exe" -runfromtemp -l0x0009UNINSTALL -removeonly Free Video to iPhone Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe" Glary Utilities 2.27.0.982-->"C:\Program Files\Glary Utilities\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4} Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe Paragon Drive Backup™ 9.0 Express-->MsiExec.exe /I{985F828E-0E98-429F-9C05-EF3BDE7568F7} PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE} Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Supreme Commander 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/40100 Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8} VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe ======System event log====== Computer Name: User-PC Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB957200(Update) into Install Requested(Install Requested) state Record Number: 16257 Source Name: Microsoft-Windows-Servicing Time Written: 20100121062520.000000-000 Event Type: Warning User: User-PC\User Computer Name: User-PC Event Code: 4374 Message: Windows Servicing identified that package KB957200(Update) is not applicable for this system Record Number: 16244 Source Name: Microsoft-Windows-Servicing Time Written: 20100121062502.000000-000 Event Type: Warning User: User-PC\User Computer Name: User-PC Event Code: 4374 Message: Windows Servicing identified that package KB957200(Update) is not applicable for this system Record Number: 16243 Source Name: Microsoft-Windows-Servicing Time Written: 20100121062502.000000-000 Event Type: Warning User: User-PC\User Computer Name: User-PC Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB953155(Security Update) into Install Requested(Install Requested) state Record Number: 16237 Source Name: Microsoft-Windows-Servicing Time Written: 20100121062454.000000-000 Event Type: Warning User: User-PC\User Computer Name: User-PC Event Code: 4376 Message: Servicing has required reboot to complete the operation of setting package KB953155(Security Update) into Install Requested(Install Requested) state Record Number: 16235 Source Name: Microsoft-Windows-Servicing Time Written: 20100121062454.000000-000 Event Type: Warning User: User-PC\User =====Application event log===== Computer Name: User-PC Event Code: 63 Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 486 Source Name: Microsoft-Windows-WMI Time Written: 20091211154341.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: User-PC Event Code: 63 Message: A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 485 Source Name: Microsoft-Windows-WMI Time Written: 20091211154341.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: User-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 470 Source Name: Microsoft-Windows-WMI Time Written: 20091211153944.000000-000 Event Type: Error User: Computer Name: User-PC Event Code: 1008 Message: Record Number: 466 Source Name: Microsoft-Windows-Search Time Written: 20091211153941.000000-000 Event Type: Warning User: Computer Name: WIN-8MGB3JWMZ19 Event Code: 1036 Message: Record Number: 452 Source Name: Microsoft-Windows-SpoolerSpoolss Time Written: 20091211152925.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Security event log===== Computer Name: WIN-8MGB3JWMZ19 Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8MGB3JWMZ19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 395 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080430102048.203698-000 Event Type: Audit Success User: Computer Name: WIN-8MGB3JWMZ19 Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 394 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080430102048.016498-000 Event Type: Audit Success User: Computer Name: WIN-8MGB3JWMZ19 Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-8MGB3JWMZ19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 393 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080430102048.016498-000 Event Type: Audit Success User: Computer Name: WIN-8MGB3JWMZ19 Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-8MGB3JWMZ19$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1f4 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 392 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080430102048.016498-000 Event Type: Audit Success User: Computer Name: WIN-8MGB3JWMZ19 Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-4221570622-3000181652-2523527844-500 Account Name: Administrator Domain Name: WIN-8MGB3JWMZ19 Logon ID: 0x30152 Record Number: 391 Source Name: Microsoft-Windows-Eventlog Time Written: 20080430102042.806098-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "DFSTRACINGON"=FALSE "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\ "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  8. Hi Dakeyras. Thanks for yor help. My COmputer seems to be running ok. No slowdowns, popups or malware readily found. I was just concerned with some informatio nthat seems to be "Missing" and keeps asking me for information for my credit cards. Information that I have already submitted once. Here is the Gmer Log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-10-04 20:48:52 Windows 6.1.7600 Running: t1d7qhdl.exe; Driver: C:\Users\User\AppData\Local\Temp\kgtdapob.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1DAF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D3F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E062D8 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E05898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D1DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1D6F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1DF2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1E1A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E7D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text peauth.sys AD61EC9D 28 Bytes [CF, 08, AA, 5D, B1, 77, 00, ...] .text peauth.sys AD61ECC1 28 Bytes [CF, 08, AA, 5D, B1, 77, 00, ...] PAGE peauth.sys AD624B9B 72 Bytes JMP 26B47621 PAGE peauth.sys AD624BEC 89 Bytes [6E, A5, C5, 7A, F5, CD, 68, ...] PAGE peauth.sys AD624C46 21 Bytes [9D, 51, 42, 63, 01, 0E, 59, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamW 758F9BFF 5 Bytes JMP 6DE6C570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EnableWindow 758FA72E 5 Bytes JMP 6DE6C4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetAsyncKeyState 758FC09A 5 Bytes JMP 6DE2D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!UnhookWindowsHookEx 758FCC7B 5 Bytes JMP 6DF2835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CallNextHookEx 758FCC8F 5 Bytes JMP 6DF09D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateWindowExW 75900E51 5 Bytes JMP 6DF18157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetWindowsHookExW 7590210A 5 Bytes JMP 6DEC4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetKeyState 75904FDA 5 Bytes JMP 6DE6D762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessageW 75906F06 5 Bytes JMP 6DE34284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamA 75913E79 5 Bytes JMP 6E040571 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessage 7591407A 5 Bytes JMP 6E03FE12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamA 75919110 5 Bytes JMP 6E0405A8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamW 759208AD 5 Bytes JMP 6E0405DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 75924AA7 5 Bytes JMP 6E03F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EndDialog 7592555C 5 Bytes JMP 6DE35AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 7592564A 5 Bytes JMP 6DE34BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetKeyboardState 75926B52 5 Bytes JMP 6E040177 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SendInput 75927055 5 Bytes JMP 6E040D3C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetCursorPos 7593C1D8 5 Bytes JMP 6E040D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 7593CF6A 5 Bytes JMP 6E03F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7593D29C 5 Bytes JMP 6E03F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7594E8C9 5 Bytes JMP 6E03F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7594E9C3 5 Bytes JMP 6E03F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7594EA29 5 Bytes JMP 6E03F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7594EA4D 5 Bytes JMP 6E03F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!keybd_event 7594EC9B 5 Bytes JMP 6E0410C7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHChangeNotification_Lock + 45BA 7611B440 4 Bytes [11, 36, A6, 6E] {ADC [ESI], ESI; CMPSB ; OUTSB } .text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHChangeNotification_Lock + 45C2 7611B448 8 Bytes [5F, 35, A6, 6E, D0, 73, A5, ...] {POP EDI; XOR EAX, 0x73d06ea6; MOVSD ; OUTSB } .text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 75ED5B88 5 Bytes JMP 6E03FCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!CoCreateInstance 75F257FC 5 Bytes JMP 6DF18C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!CreateWindowExW 75900E51 5 Bytes JMP 6DF18157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamW 75924AA7 5 Bytes JMP 6E03F970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamW 7592564A 5 Bytes JMP 6DE34BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamA 7593CF6A 5 Bytes JMP 6E03F90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamA 7593D29C 5 Bytes JMP 6E03F9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectA 7594E8C9 5 Bytes JMP 6E03F8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectW 7594E9C3 5 Bytes JMP 6E03F837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExA 7594EA29 5 Bytes JMP 6E03F7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExW 7594EA4D 5 Bytes JMP 6E03F773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ---- Here is the RSIT Log: ogfile of random's system information tool 1.08 (written by random/random) Run by User at 2010-10-04 20:53:58 Microsoft Windows 7 Ultimate System drive C: has 108 GB (35%) free of 305 GB Total RAM: 3001 MB (63% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:54:02 PM, on 10/4/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\User\Desktop\RSIT.exe C:\Program Files\trend micro\User.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1209&m=aspire_5735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 5544 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GlaryInitialize.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-23 1619296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] Partner BHO Class - C:\ProgramData\Partner\partner.dll [2009-12-11 157168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-19 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896] "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-10-04 2067808] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe [2010-08-15 232912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-07-28 228864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "legalnoticetext"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-10-04 20:53:58 ----D---- C:\rsit 2010-10-03 13:33:52 ----D---- C:\Program Files\Trend Micro 2010-10-03 11:01:40 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes 2010-10-03 11:01:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-03 11:01:20 ----D---- C:\ProgramData\Malwarebytes 2010-10-03 11:01:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-03 11:01:20 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-09-28 20:51:24 ----D---- C:\Program Files\iPod 2010-09-28 20:49:54 ----D---- C:\Program Files\Bonjour 2010-09-28 15:12:06 ----A---- C:\Windows\system32\tzres.dll 2010-09-20 19:40:36 ----A---- C:\Windows\system32\ntdll.dll 2010-09-20 19:40:34 ----A---- C:\Windows\system32\msdri.dll 2010-09-20 19:40:34 ----A---- C:\Windows\system32\CPFilters.dll 2010-09-18 19:02:42 ----D---- C:\Program Files\QuickTime 2010-09-16 03:03:05 ----D---- C:\Windows\PCHEALTH 2010-09-16 03:01:21 ----D---- C:\2338f69e371338437a27c791 2010-09-16 03:01:12 ----A---- C:\Windows\system32\iertutil.dll 2010-09-15 22:53:56 ----A---- C:\Windows\system32\spoolsv.exe ======List of files/folders modified in the last 1 months====== 2010-10-04 20:54:02 ----D---- C:\Windows\Prefetch 2010-10-04 18:46:47 ----D---- C:\Windows\Temp 2010-10-04 18:46:45 ----D---- C:\Windows\system32\drivers\Avg 2010-10-04 09:51:47 ----D---- C:\Windows\system32\config 2010-10-04 08:21:50 ----SHD---- C:\System Volume Information 2010-10-03 14:18:53 ----D---- C:\Windows\System32 2010-10-03 14:18:53 ----D---- C:\Windows\inf 2010-10-03 14:18:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-10-03 13:33:52 ----RD---- C:\Program Files 2010-10-03 11:01:21 ----D---- C:\Windows\system32\drivers 2010-10-03 11:01:20 ----HD---- C:\ProgramData 2010-10-03 09:48:14 ----D---- C:\Windows 2010-10-03 08:59:48 ----D---- C:\Windows\system32\RTCOM 2010-10-03 08:57:53 ----D---- C:\Windows\Minidump 2010-09-30 08:43:29 ----SHD---- C:\Windows\Installer 2010-09-29 11:34:26 ----D---- C:\Windows\rescache 2010-09-29 03:01:02 ----D---- C:\Windows\winsxs 2010-09-29 03:00:55 ----D---- C:\Windows\system32\en-US 2010-09-28 20:55:11 ----D---- C:\Program Files\Steam 2010-09-28 20:54:37 ----D---- C:\Program Files\Common Files\Steam 2010-09-28 20:51:54 ----D---- C:\Program Files\iTunes 2010-09-28 20:51:24 ----D---- C:\Program Files\Common Files\Apple 2010-09-28 15:11:29 ----D---- C:\Windows\system32\catroot 2010-09-21 22:53:18 ----D---- C:\Windows\Logs 2010-09-20 20:48:29 ----D---- C:\Windows\Microsoft.NET 2010-09-20 20:47:50 ----RSD---- C:\Windows\assembly 2010-09-20 19:42:30 ----D---- C:\Windows\AppPatch 2010-09-20 19:42:19 ----D---- C:\Windows\ehome 2010-09-20 19:41:38 ----D---- C:\Windows\system32\catroot2 2010-09-20 19:41:37 ----D---- C:\Windows\system32\DriverStore 2010-09-16 03:03:10 ----D---- C:\ProgramData\Microsoft Help 2010-09-16 03:01:23 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2008-08-18 40464] R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584] R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-07-28 9023488] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-11 61440] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784] S3 kgtdapob;kgtdapob; \??\C:\Users\User\AppData\Local\Temp\kgtdapob.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304] S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672] R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-20 921952] R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992] S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-09-26 411432] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400] -----------------EOF-----------------
  9. Hi everyone, My computer restartd last night, and now iTunes is telling me that a "New COmputer accessed my information so I have to reverify my credit card info" I ran MBAM and didnt find anything, but I am paranoid and want to be sure. I ran HJT and it had a problem with a hosts file????? Not sure what happened there. Anyway, here is my HJT this log. I know it says something about unknown windows, but I assure you I am running a licensed copy of Win7 Ultimate (I am a Technet member and thats where the license came from). Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:34:06 PM, on 10/3/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\RtHDVCpl.exe C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1209&m=aspire_5735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 6191 bytes
  10. Verizaon has better coverage. SPrint usually has better deal with plans. But for my money, you cant beat an Iphone. I love it, and use it all the stinking time. I would definately buy another one, despite the "Antenna problem".
  11. Hey Bruce (et al) I know at my company we have been using HP Procurve wirelese controllers for 3+ years now, and spending LOTS of mony (about $75-$100 per access point in licensing fees). Attach the controller to HP Procurve Wireless AP's ($350+ per radio), and you have a great, easily deployable remotely managed wireless network... We are now looking at setting up and using a linux wireless controler box, and paying something like $5 per AP license. It ends up costing about half what it does using HP equipment, and about 1/10th of what it would cost using Cisco stuff. HP and Cisco are charging thru the roof for licensing fees these days. Its like Ink...thats where they make their money, you know!
  12. Welcome to the Pit. First, I woudl recomend upgrading to Windows 7. If that is not an option, have you recently changed from a private to a public network? Have you changed the settings on a router? Did you change any setting in the network and sharing center regarding order of wireless networks? Did you take your laptop anywhere and log ito a different network, and suplant your home network as the primary private network? All of these may cause your problems.....
  13. bacterozoid Yes, My linksys router can do that also. However, I am using a Motorola modem/router provided by Qwest. That will not allow you to place your dyndns info on it and update automatically. I spent a few hours going thru every menu on the thing, plus readiung the admind guide. No - Go. it will nto do it! Like I said, the update client from DynDNS works fine. Thanks though....
  14. AIM 6. I think they are up to like 8 or 9 now. Also, AOL just sucks. I ecomend you gdt away from that anyway. Foxit Toolbar Ask.com 4.1.0.5 Whats this? I dislike toolbars anyway, and this looks like more adware to me. The .net framework and MSXML are both fine. They are needed by several MS and other applications, and are not doing anyharm... I say leave them.
  15. Yep. Thanks Wdeywonder. That did the trick. It works fine now. Thanks for teh help!!! :-)
×
×
  • Create New...