BHOs Trojans Malware & tracking cookies Problems. Please Help!

Discussion in 'Virus & Other Malware Removal' started by 8tony, Oct 28, 2011.

Thread Status:
Not open for further replies.
  1. 8tony

    8tony Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    3
    Hey Guys! Recently I've been attacked numerous times by exploits Java/CVE-2010-0094.FN and JS/Blacole.O when I automatically updated Java; these were removed by Microsoft Security Essentials. I know that I may be infected by a variant of about:blank, and have some BHOs, trojans, and tracking cookies that I can't get rid of with my scanners. Also I have problems with IE & Firefox when I switch from full to normal screen using F11 - the menus and URL bars don't fill in properly and I can't minimize the windows on the first try. Clicking links doesn't work on the first try sometimes. I use IE more often because of the built-in security features but it's become more unstable lately, maybe because of the infections my netbook has. I have performed a number of FixIts through the Microsoft support site but still feel there are some processes slowing my netbook down. This is my netbook info:

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
    Processor Count: 2
    RAM: 1523 Mb
    Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 224 Mb
    Hard Drives: C: Total - 146632 MB, Free - 857 MB;
    Motherboard: Acer, , Base Board Version, Base Board Serial Number
    Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled,
    Microsoft Security Essentials

    FYI the GMER site is unavailable through IE and Microsoft Word gives this error "unable to open http://gmer.net/index.php. cannot locate the internet server or proxy" so I used Adware Away instead.

    Here are my scanlogs:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:06:07 PM, on 10/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\Adware Away\AA Antimalware.exe
    C:\Documents and Settings\user\Desktop\PROGRAM DOWNLOADS\HijackThis.exe
    C:\Program Files\Registrar Registry Manager\rr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aoa150
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...QAtAEYAOQBNADIAKwAxAA"&"prod=90"&"ver=9.0.894
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: FVDToolbar Add Page - res://C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D43} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Open FVD Suite Toolbar - {2B171655-A69C-5c18-B693-6CB5DC269D43} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264586680562
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) -
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
    --
    End of file - 14748 bytes
    ============================================================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by user at 17:01:03 on 2011-10-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1524.501 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Xobni\XobniService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\dllhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aoa150
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [LaunchApp] Alaunch
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...QAtAEYAOQBNADIAKwAxAA"&"prod=90"&"ver=9.0.894
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: FVDToolbar Add Page - c:\program files\fvd suite\addons\ie\FVDToolbar.dll/IECONTEXT.DLL.HTM
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264586680562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B56DB731-4C2D-43C8-870F-66DB01BC51AA} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\m8iz1nqj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b518ff1&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - component: c:\program files\fvd suite\addons\firefox\components\fvd_connector.dll
    FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\m8iz1nqj.default\extensions\[email protected]\plugins\npTVUAx.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: FVD Suite Toolbar: {fa46cb24-1d5b-4048-911a-2857a0944395} - c:\program files\fvd suite\addons\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: TVU Web Player: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DiagnosticScan;DiagnosticScan Driver;c:\windows\system32\drivers\DiagnosticScan.SYS [2011-10-28 12800]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-1 64512]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
    R1 MpKsld8733962;MpKsld8733962;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\MpKsld8733962.sys [2011-10-28 28752]
    R1 Start1Driver;Adware Away Driver;c:\windows\system32\drivers\Start1Driver.SYS [2011-10-28 51200]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-7-14 44776]
    S1 MpKsl016d55b4;MpKsl016d55b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e98e07b6-f412-463b-b889-9657c7608ca0}\mpksl016d55b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e98e07b6-f412-463b-b889-9657c7608ca0}\MpKsl016d55b4.sys [?]
    S1 MpKsl08fb273b;MpKsl08fb273b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cf0b6a5-65f4-4b02-b527-a468980391c7}\mpksl08fb273b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7cf0b6a5-65f4-4b02-b527-a468980391c7}\MpKsl08fb273b.sys [?]
    S1 MpKsl330f5f0f;MpKsl330f5f0f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7ee7be3d-2805-4dba-bf31-b8d1e902dd5d}\mpksl330f5f0f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7ee7be3d-2805-4dba-bf31-b8d1e902dd5d}\MpKsl330f5f0f.sys [?]
    S1 MpKsl4071422b;MpKsl4071422b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3afa9be-f09b-4097-b031-d3aa505b5fce}\mpksl4071422b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3afa9be-f09b-4097-b031-d3aa505b5fce}\MpKsl4071422b.sys [?]
    S1 MpKsl5cdcd71e;MpKsl5cdcd71e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0661b9a1-e839-4651-8fb0-a8c235ed2b9e}\mpksl5cdcd71e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0661b9a1-e839-4651-8fb0-a8c235ed2b9e}\MpKsl5cdcd71e.sys [?]
    S1 MpKsl65f4e9dc;MpKsl65f4e9dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fc445e-b816-453c-bf5f-6809aa9afc67}\mpksl65f4e9dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fc445e-b816-453c-bf5f-6809aa9afc67}\MpKsl65f4e9dc.sys [?]
    S1 MpKsla6be5601;MpKsla6be5601;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\mpksla6be5601.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\MpKsla6be5601.sys [?]
    S1 MpKslb9b29b3b;MpKslb9b29b3b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13450d21-0e55-43bd-9186-343985586e3d}\mpkslb9b29b3b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13450d21-0e55-43bd-9186-343985586e3d}\MpKslb9b29b3b.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-20 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 135664]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-10 359248]
    .
    =============== Created Last 30 ================
    .
    2011-10-28 19:51:02 32824 ----a-w- c:\windows\system32\rrMon.sys
    2011-10-28 19:33:54 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2011-10-28 19:27:10 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\MpKsld8733962.sys
    2011-10-28 19:26:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\offreg.dll
    2011-10-28 19:25:09 12800 ----a-w- c:\windows\system32\drivers\DiagnosticScan.SYS
    2011-10-28 19:25:08 51200 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
    2011-10-28 19:25:07 -------- d-----w- c:\program files\Adware Away
    2011-10-28 19:08:55 -------- d-----w- c:\program files\Registrar Registry Manager
    2011-10-28 00:29:53 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a426037c-c23d-4c04-883f-96d50138bb02}\mpengine.dll
    2011-10-23 02:39:23 -------- d-----w- c:\program files\Veetle
    2011-10-23 02:14:53 -------- d-----w- c:\documents and settings\user\application data\vShare
    2011-10-23 02:14:43 -------- d-----w- c:\program files\vShare
    2011-10-14 03:09:48 -------- d-----w- C:\01dd968cd79d1e215f03
    2011-10-05 15:40:44 -------- d-----w- c:\program files\iPod
    2011-10-05 15:40:37 -------- d-----w- c:\program files\iTunes
    2011-10-05 15:31:30 -------- d-----w- c:\program files\Bonjour
    2011-09-30 01:31:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2011-10-17 00:38:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    2011-08-18 03:20:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    1997-10-07 02:22:28 33024 ----a-w- c:\program files\JOIN16.EXE
    1997-10-07 02:15:48 45056 ----a-w- c:\program files\Join32.exe
    .
    ============= FINISH: 17:07:34.65 ===============
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/4/2009 9:00:44 AM
    System Uptime: 10/28/2011 3:26:13 PM (2 hours ago)
    .
    Motherboard: Acer | |
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1595/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 143 GiB total, 0.837 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_015B1025&REV_02\4&20975680&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_015B1025&REV_02\4&20975680&0&00E1
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP733: 10/15/2011 1:27:58 PM - Software Distribution Service 3.0
    RP734: 10/15/2011 2:36:00 PM - Software Distribution Service 3.0
    RP735: 10/15/2011 7:34:34 PM - Software Distribution Service 3.0
    RP736: 10/16/2011 7:47:12 PM - Software Distribution Service 3.0
    RP737: 10/17/2011 8:28:44 PM - Software Distribution Service 3.0
    RP738: 10/18/2011 7:48:25 PM - Software Distribution Service 3.0
    RP739: 10/19/2011 8:39:01 AM - Installed Java(TM) 6 Update 29
    RP740: 10/19/2011 8:17:14 PM - Software Distribution Service 3.0
    RP741: 10/20/2011 10:58:57 PM - Software Distribution Service 3.0
    RP742: 10/22/2011 2:25:54 AM - Software Distribution Service 3.0
    RP743: 10/23/2011 11:46:52 AM - Software Distribution Service 3.0
    RP744: 10/24/2011 12:31:41 PM - Software Distribution Service 3.0
    RP745: 10/24/2011 8:53:28 PM - Software Distribution Service 3.0
    RP746: 10/25/2011 7:57:08 PM - Software Distribution Service 3.0
    RP747: 10/26/2011 7:54:03 PM - Software Distribution Service 3.0
    RP748: 10/27/2011 10:54:18 AM - Software Distribution Service 3.0
    RP749: 10/27/2011 2:21:45 PM - Software Distribution Service 3.0
    RP750: 10/27/2011 8:29:44 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    7-Zip 4.65
    Acer Crystal Eye webcam
    Acer ScreenSaver
    Acrobat.com
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.6
    Adware Away 4.1.0
    Ancient Secrets (remove only)
    AnyTV Free 2.46
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BitTorrent
    BitTorrentBar Toolbar
    Bonjour
    Carbonite Online Backup Setup
    ConvertHelper 2.2
    CoreAAC
    eSobi v2
    FirmTools Duplicate Photo Finder 1
    FQ Uploader 0.41
    FVD Suite 2.5.1
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer (Enable DEP)
    InterVideo Register Manager
    InterVideo WinDVD
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    JDownloader
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Launch Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mihov Picture Downloader 1.5 (remove only)
    Mozilla Firefox (3.6.6)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Orbit Downloader
    QuickTime
    Real Alternative 2.0.1
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Registrar Registry Manager 6.52
    Registrar Registry Manager 6.52 (Lite Edition)
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Sothink FLV Player
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    StudioTax 2008
    StudioTax 2009
    StudioTax 2010
    Synaptics Pointing Device Driver
    The KMPlayer (remove only)
    TheSage
    Treasure Seekers Visions of Gold (remove only)
    U3Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Veetle TV
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    vShare Plugin
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    WinPcap 4.1.1
    WinRAR archiver
    Xobni
    Xobni Core
    Yahoo! Detect
    YouTube Downloader 3.3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file viaide.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 1.0.1.1.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ultra.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 1.0.507.1.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file toside.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file symc8xx.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2409.1.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file symc810.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2409.1.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file sym_u3.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2462.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file sym_hi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2462.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file sparrow.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2409.1.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ql1280.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 7.13.1.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ql1240.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ql12160.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 7.13.2.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ql10wnt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ql1080.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 3.4.0.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file perc2hib.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2467.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file perc2.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2467.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mraid35x.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file lbrtfdc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.10.1.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file intelide.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file inport.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file ini910u.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i2omp.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 1.0.0.6.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file i2omgmt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file hpn.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2467.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dpti2o.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2462.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dac960nt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file dac2w2k.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.21.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cpqarray.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cmdide.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 2.0.7.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file changer.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file cd20xrnt.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file asc3550.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file asc3350p.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file asc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file amsint.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aliide.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.0.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aic78xx.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2474.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aic78u2.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2474.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aha154x.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file adpu160m.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2484.0.
    10/28/2011 3:34:24 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file abp480n5.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
    10/27/2011 2:43:37 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
    10/27/2011 12:18:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    10/27/2011 12:18:53 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/27/2011 12:18:53 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
    Adware Away Scanlog
    C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe : Process : Malware : No Action Taken
    HKLM\SYSTEM\CurrentControlSet\Services\PCIDump : Driver : rootkit.pcidump : No Action Taken
    HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP : Driver : rootkit.pdcomp : No Action Taken
    HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME : Driver : rootkit.pdframe : No Action Taken
    HKLM\SYSTEM\CurrentControlSet\Services\PDRELI : Driver : rootkit.pdreli : No Action Taken
    HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME : Driver : rootkit.pdrframe : No Action Taken
    HKCR:popCapLoader.PopCapLoaderCtrl2 : Registry Key : Rogue.Popcap : No Action Taken
    HKCR:popCapLoader.PopCapLoaderCtrl2.1 : Registry Key : Rogue.Popcap : No Action Taken
    HKCR\CLSID:{015CA7C6-DECD-40dc-AAAC-73EA9940E0F9} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{0BA70019-98B1-4B44-9DC5-9AF8634B1C25} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{16F3DD56-1AF5-4347-846D-7C10C4192619} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{25CD009F-FFBF-418A-8E11-7A877CAFCAF5} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{387E725D-DC16-4D76-B310-2C93ED4752A0} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{49C5A184-B52F-489C-AFE9-8A8E34A9A63E} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{56F9679E-7826-4C84-81F3-532071A8BCC5} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{6C467336-8281-4E60-8204-430CED96822D} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{7A35A3A8-3DEA-40e5-B2AA-21DEF91A219A} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{8F170678-2A97-4D59-89A1-7A0A71C1B677} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{920E6DB1-9907-4370-B3A0-BAFC03D81399} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{963D107C-4A82-4756-9370-F6C67533DFF1} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{99FD978C-D287-4F50-827F-B2C658EDA8E7} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{9CEE304E-DC6C-11D2-B561-00A0C92E6848} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{A449600E-1DC6-4232-B948-9BD794D62056} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{C17E064B-7436-44E0-A7E4-CEE1D86DFCCC} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{E368C602-8E8B-4782-B22F-D916145DF7C8} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{E46D1FAF-5B42-40C7-88B9-C702A6E9FE74} : Registry Key : IE Hijacker : No Action Taken
    HKCR\CLSID:{FA2FAAC1-9316-48F3-A294-121FEEA80CEC} : Registry Key : IE Hijacker : No Action Taken
    HKCR\interface:{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA} : Registry Key : Trojan.Agent : No Action Taken
    HKCR\interface:{FE8A736F-4124-4D9C-B4B1-3B12381EFABE} : Registry Key : Trojan.Agent : No Action Taken
    HKCR\TypeLib:{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1} : Registry Key : Trojan.Agent : No Action Taken

    Please let me know of any suggestions and/or fixes I can use; your input will be greatly appreciated. Thanks. 8tony.
     
  2. 8tony

    8tony Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    3
    I forgot to add that the words "waiting for about:blank" appear in the bottom left corner of IE after I click a link, and I also get a rapid blinking cursor in some online form/search fields, and when I go to save something from the internet, the words in the left pane such as My Computer, My Documents, etc. are in bold. I'm worried about checking email and logging into my various accounts and I would like to solve this issue for good. Hope this helps, thanks again.

    I checked GMER again and here's my scanlog:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-29 11:55:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9A300 rev.FB2OC40C
    Running: g7xv3uvc.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fglyrpob.sys

    ---- System - GMER 1.0.15 ----
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[1556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1748] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1748] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3292B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 06104D20 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 06104EA0 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 061044A0 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 06104600 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3720] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 060D4D20 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 060D4EA0 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 060D44A0 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 060D4600 C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4112] WS2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xE2 0xD2 0xC4 0xB6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{c1685465-abb9-4931-86e9-ba8b733ab8ff}@Model 194
    Reg HKLM\SOFTWARE\Classes\CLSID\{c1685465-abb9-4931-86e9-ba8b733ab8ff}@Therad 31
    Reg HKLM\SOFTWARE\Classes\CLSID\{c1685465-abb9-4931-86e9-ba8b733ab8ff}@MData 0x2B 0x8F 0x78 0x29 ...
    ---- EOF - GMER 1.0.15 ----
     
  3. 8tony

    8tony Thread Starter

    Joined:
    Oct 28, 2011
    Messages:
    3
    I really hope that most of the 150+ views of my thread are from the dedicated tech people. I understand that my problem is complex and that you guys are very busy; I just need to see "In Progress" when I check my thread status. Is there something I did not provide or did I do something wrong? I'm in desperate need of help here and would like a little bit of input into solving my netbook issues. If someone who has already viewed this thread could please respond, it would be very much appreciated. Thanks again for your time. 8tony.
     
Short URL to this thread: https://techguy.org/1024476
