
Browser Hijack

Discussion in 'Virus & Other Malware Removal' started by dave5151, Nov 13, 2011.

Thread Status:
Not open for further replies.
  1. dave5151

    dave5151 Thread Starter

    My Advent laptop has been displaying some strange symptoms lately. My internet browsers keep taking me to random incorrect pages. I keep getting a balloon popping up regularly saying that Internet Explorer has been closed even when I'm not running Internet Explorer. The laptop's performance is slower than usual. I have run several different Anti Malware/Spyware programs and AVG anti-virus. They pick many malicious items up and I remove them when found, however the problem still remains. Please find the requested logs below.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz, x64 Family 6 Model 23 Stepping 6
    Processor Count: 2
    RAM: 1912 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 828 Mb
    Hard Drives: C: Total - 227472 MB, Free - 82998 MB; D: Total - 476937 MB, Free - 7496 MB; S: Total - 1499 MB, Free - 1355 MB;
    Motherboard: DIXONSXP, DIXONSXP
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:53:44, on 13/11/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19154)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/accmeware/{19F78C31-D6B2-4866-83A9-907CE37862C5}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 7750 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
    Run by ruth at 14:35:37 on 2011-11-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1912.664 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\FsUsbExService.Exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\BitComet\tools\BitCometService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uSearch Bar = Preserve
    uStart Page = hxxp://www.searchqu.com/
    mStart Page = hxxp://www.bigseekpro.com/accmeware/{19F78C31-D6B2-4866-83A9-907CE37862C5}
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NPSStartup]
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{A5790F50-359C-4CDA-860C-8C52371F6BC3} : DhcpNameServer = 10.10.10.254
    TCP: Interfaces\{F1F4E4EA-2DA5-489F-9231-3BA279D90DD6} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\5ueciwiq.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\5ueciwiq.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\ruth\appdata\locallow\sony online entertainment\npsoe.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-19 232512]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-1-18 233472]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-6 1153368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-18 36608]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-22 112128]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-22 3658752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-10 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-8-23 42512]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-7 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-7 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-7 121856]
    .
    =============== Created Last 30 ================
    .
    2011-11-13 14:32:36 388096 ----a-r- c:\users\ruth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-13 14:32:35 -------- d-----w- c:\program files\Trend Micro
    2011-11-13 09:02:31 -------- d-----w- c:\users\ruth\appdata\local\{90200D1B-66A8-4B6B-82DB-8398C8D0430A}
    2011-11-13 09:02:19 -------- d-----w- c:\users\ruth\appdata\local\{2F9DBFC6-39BA-42C1-A995-F83D7A7A707E}
    2011-11-12 20:30:44 -------- d-----w- c:\users\ruth\appdata\local\{F8319567-C446-41C4-BA7B-172B40EB7CCD}
    2011-11-12 20:30:30 -------- d-----w- c:\users\ruth\appdata\local\{0F6C95BF-DC07-48F0-8090-81571E5E0A36}
    2011-11-11 17:17:28 -------- d-----w- c:\users\ruth\appdata\local\Adobe
    2011-11-11 07:40:28 -------- d-----w- c:\users\ruth\appdata\local\Ahead
    2011-11-09 07:35:41 -------- d-----w- c:\users\ruth\appdata\local\{B69F4D32-E457-4D47-9370-2539359419AD}
    2011-11-09 07:35:28 -------- d-----w- c:\users\ruth\appdata\local\{4AF19D17-1DA2-43C1-829D-E12CBB7C6DBD}
    2011-11-09 07:23:00 -------- d-----w- c:\users\ruth\appdata\local\{16A20BC4-BAD6-4222-8FC8-672B5CA2A7BA}
    2011-11-09 07:22:48 -------- d-----w- c:\users\ruth\appdata\local\{02B668F3-14C4-46D4-BDC7-50C12A15CCBD}
    2011-11-09 07:21:59 -------- d-----w- c:\users\ruth\appdata\local\{77216E07-02EB-4C17-8953-65E3877D29BE}
    2011-11-09 07:21:44 -------- d-----w- c:\users\ruth\appdata\local\{9ADA3B85-5513-45C5-BD8C-91C3FBAE0E40}
    2011-11-09 07:14:51 -------- d-----w- c:\users\ruth\appdata\local\{4AF3AA0D-8AF2-47CE-BD8F-A1CC1EF7A56F}
    2011-11-09 07:14:40 -------- d-----w- c:\users\ruth\appdata\local\{5482CD5F-255C-421E-B881-7C4119DCA792}
    2011-11-09 07:07:02 -------- d-----w- c:\users\ruth\appdata\local\{B1163525-F91A-494C-9889-6098CFEB5189}
    2011-11-09 07:06:48 -------- d-----w- c:\users\ruth\appdata\local\{0F6613E7-C33A-452F-A8C0-7D34927EB0F9}
    2011-11-09 07:01:24 -------- d-----w- c:\users\ruth\appdata\local\{3FBE148B-9867-4F53-B6BB-35E7DFD0620E}
    2011-11-09 07:01:11 -------- d-----w- c:\users\ruth\appdata\local\{D0EAA0A7-E314-4F7B-B33C-C1AFC9D83AA7}
    2011-11-09 06:56:52 -------- d-----w- c:\users\ruth\appdata\local\{FB46B25C-1C0C-47EA-89EB-DC4801D96D1F}
    2011-11-09 06:56:34 -------- d-----w- c:\users\ruth\appdata\local\{CFA349E2-B4A6-4082-AB82-EE3F258105C2}
    2011-11-09 06:49:14 -------- d-----w- c:\users\ruth\appdata\local\{0C2FC49F-3101-442B-A152-9A0D5559DF48}
    2011-11-09 06:48:37 -------- d-----w- c:\users\ruth\appdata\local\{445F9E64-A474-4462-B83A-B014AE711C4A}
    2011-11-09 06:44:03 -------- d-----w- c:\users\ruth\appdata\local\{62CBAD3D-5528-4C1B-A07D-EFF4ECC57A57}
    2011-11-09 06:43:49 -------- d-----w- c:\users\ruth\appdata\local\{09A4E227-E81E-43D3-B7E1-4D8729839953}
    2011-11-08 20:47:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-08 20:46:42 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-08 20:46:41 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-08 20:46:39 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-07 00:14:05 -------- d-----w- c:\users\ruth\appdata\local\{C489D2D8-3BD5-4C61-89A1-DFBC019B4C63}
    2011-11-07 00:13:43 -------- d-----w- c:\users\ruth\appdata\local\{F7B7C18B-3DBB-48C8-B336-0AE50D08A085}
    2011-11-06 10:48:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-06 10:48:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-06 10:41:56 -------- d-----w- c:\users\ruth\appdata\local\{C27270CD-5340-42BD-8EDA-58FC8ECA5FE7}
    2011-11-05 09:35:43 -------- d-----w- c:\users\ruth\appdata\local\{017D0029-0AAE-4AE2-8641-ACE599F8FDCC}
    2011-11-05 09:35:30 -------- d-----w- c:\users\ruth\appdata\local\{F065EB67-303D-4E5C-9C93-DF5BC9A022A5}
    2011-11-04 09:03:31 -------- d-----w- c:\users\ruth\appdata\local\{DAD19011-4C8F-44BA-B786-9F6C0E4A0355}
    2011-11-04 09:03:17 -------- d-----w- c:\users\ruth\appdata\local\{EC45CB91-8D35-413B-9150-F2910BE5F477}
    2011-11-04 09:02:08 -------- d-----w- c:\users\ruth\appdata\local\{D7C50FB0-8031-4BCB-A1EA-B3B47823CA52}
    2011-11-04 09:01:54 -------- d-----w- c:\users\ruth\appdata\local\{73E965E0-D412-490F-8877-F5E9ADCD438F}
    2011-11-04 08:56:13 -------- d-----w- c:\users\ruth\appdata\local\{3B1CA4B2-A42B-4FDA-AB72-1B79356D9EC8}
    2011-11-04 08:55:55 -------- d-----w- c:\users\ruth\appdata\local\{B4DA8312-28E7-4E2D-8BEF-CA40D373713A}
    2011-11-03 08:33:33 -------- d-----w- c:\users\ruth\appdata\local\{D5BA4D23-0D20-47B9-AE04-2FF3C1AC4D48}
    2011-11-02 15:45:31 -------- d-----w- c:\users\ruth\appdata\local\{A1448EEA-905F-4610-B467-06F0E28B8C01}
    2011-11-02 15:45:17 -------- d-----w- c:\users\ruth\appdata\local\{85CDD942-667C-47BD-B561-98E951B07406}
    2011-11-02 12:04:35 -------- d-----w- c:\users\ruth\appdata\local\{56E0673D-F1BD-4AA1-BA6F-7318CCEA11BB}
    2011-11-02 12:04:23 -------- d-----w- c:\users\ruth\appdata\local\{D5934923-E082-40DE-BE2B-DE20FE6F12C6}
    2011-11-01 22:54:27 -------- d-----w- c:\users\ruth\appdata\local\{2FD5CEBC-BEE8-4146-BE28-11E6A371FB1E}
    2011-11-01 22:54:15 -------- d-----w- c:\users\ruth\appdata\local\{6351AD56-EDF0-42A1-91EF-0798BA125A03}
    2011-11-01 21:59:30 -------- d-----w- c:\users\ruth\appdata\local\{D862E661-D0E2-4ECD-A64E-E56503B18275}
    2011-11-01 21:59:16 -------- d-----w- c:\users\ruth\appdata\local\{177F74C8-C5EC-43DC-9140-EE18C030E30C}
    2011-11-01 21:36:57 -------- d-----w- c:\users\ruth\appdata\local\{803BBD9D-695D-4428-9B80-7EB8A1DCE47C}
    2011-11-01 21:36:43 -------- d-----w- c:\users\ruth\appdata\local\{AD52FC06-1C6E-4644-8F7E-1499D1F7DF44}
    2011-11-01 21:29:34 -------- d-----w- c:\users\ruth\appdata\local\{1AD48A46-A6BB-4110-9255-10FD315C9539}
    2011-11-01 21:29:23 -------- d-----w- c:\users\ruth\appdata\local\{764E024A-7455-42AF-AF1F-7CC2E9889C71}
    2011-10-31 20:38:11 -------- d-----w- c:\program files\CCleaner
    2011-10-31 14:49:08 -------- d-----w- c:\users\ruth\appdata\local\{58AA1B7C-F9AF-4DAC-BA73-E093FAA6950D}
    2011-10-31 14:48:56 -------- d-----w- c:\users\ruth\appdata\local\{D2E0866A-2B55-4F97-AD59-4BD90D75E11C}
    2011-10-31 14:46:18 -------- d-----w- c:\users\ruth\appdata\local\{23329F71-F3B6-4512-BC23-7F15E72AEA7C}
    2011-10-31 14:46:04 -------- d-----w- c:\users\ruth\appdata\local\{5FDE6076-33F2-4A33-828C-3A151DEB025A}
    2011-10-31 10:17:21 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-31 08:06:58 -------- d-----w- c:\users\ruth\appdata\local\{39A59147-7B35-4874-987F-A922A34EE9C4}
    2011-10-31 08:06:46 -------- d-----w- c:\users\ruth\appdata\local\{4D073900-BF85-4502-A520-467FAE4416F4}
    2011-10-31 08:04:22 -------- d-----w- c:\users\ruth\appdata\local\{F9CB665C-20CC-4777-AEFE-BC9B5C8B7939}
    2011-10-31 08:04:10 -------- d-----w- c:\users\ruth\appdata\local\{0CB1874F-E991-4254-88A6-DD237264D4A4}
    2011-10-31 07:58:42 -------- d-----w- c:\users\ruth\appdata\local\{A3C14FA0-027B-4167-9D33-7A3DB64781B2}
    2011-10-31 07:55:58 -------- d-----w- c:\users\ruth\appdata\local\{8D61F8FB-4A8A-4F7E-8AE0-900F07BD72C1}
    2011-10-31 07:49:19 -------- d-----w- c:\users\ruth\appdata\local\{47D9F2CF-68CE-4F52-B12B-23771FB4BD73}
    2011-10-31 07:48:54 -------- d-----w- c:\users\ruth\appdata\local\{C50929D2-DA46-4D0D-80A9-0BD299479B77}
    2011-10-31 07:47:45 -------- d-----w- c:\users\ruth\appdata\local\{4A9A7688-3E13-45B9-A960-829DA70D66C9}
    2011-10-31 07:47:33 -------- d-----w- c:\users\ruth\appdata\local\{A1F55D73-AA28-4BA6-8910-5735852061A0}
    2011-10-30 21:29:08 -------- d-----w- c:\users\ruth\appdata\local\{F427A2A0-2A42-46C6-BD07-AC3D4AEFE1B6}
    2011-10-30 21:28:52 -------- d-----w- c:\users\ruth\appdata\local\{19620702-A38E-4AD4-8073-1A1388BE5876}
    2011-10-30 10:46:39 -------- d-----w- c:\users\ruth\appdata\local\{31D3C9A1-68F3-4BE7-941D-9D569904BE05}
    2011-10-30 10:46:25 -------- d-----w- c:\users\ruth\appdata\local\{61E48961-D7AB-43F2-B1A0-5AAE3B24518D}
    2011-10-29 11:57:12 -------- d-----w- c:\users\ruth\appdata\local\{1E2B0580-D82F-4373-AD50-448AACAA37CD}
    2011-10-29 11:57:00 -------- d-----w- c:\users\ruth\appdata\local\{530FF71A-5C37-4FC6-9D0B-B16857417FBE}
    2011-10-29 10:16:06 -------- d-----w- c:\users\ruth\appdata\local\{4C98544C-FF68-41FC-8252-199341E60094}
    2011-10-29 10:15:09 -------- d-----w- c:\users\ruth\appdata\local\{3B8215F7-784D-4D86-A3F6-C3E59FBF44B6}
    2011-10-29 10:14:53 -------- d-----w- c:\users\ruth\appdata\local\{E8DDD471-E472-4DA0-BF48-CA442D4E689A}
    2011-10-29 10:14:37 -------- d-----w- c:\users\ruth\appdata\local\{F7D40799-A570-41D3-92BB-DF27FCB10375}
    2011-10-28 08:31:07 -------- d-----w- c:\users\ruth\appdata\local\{F26C49A2-7760-4E76-A730-8FD7A5FE991B}
    2011-10-28 08:30:56 -------- d-----w- c:\users\ruth\appdata\local\{938D5287-83B5-4AB4-8C8C-CF2DCFBE7357}
    2011-10-27 10:18:19 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-27 10:03:15 -------- d-----w- c:\users\ruth\appdata\local\{4A4F66F4-0D60-411E-AA91-5499B6E1FC69}
    2011-10-27 10:02:56 -------- d-----w- c:\users\ruth\appdata\local\{EE9ADAFA-A35A-4CF2-8DA7-D62334CFCDD0}
    2011-10-25 03:42:12 -------- d-----w- c:\users\ruth\appdata\local\{6275F722-391D-402F-AD8E-60776402313A}
    2011-10-25 03:41:31 -------- d-----w- c:\users\ruth\appdata\local\{9AF5A1FD-A8D2-4417-9912-11930B87B19B}
    2011-10-24 12:58:20 -------- d-----w- c:\users\ruth\appdata\local\{1A5BBF15-1DE7-4478-8598-D03B7E8152F5}
    2011-10-24 12:58:07 -------- d-----w- c:\users\ruth\appdata\local\{0D175238-92D6-4BA0-8B3D-C435E9ED338C}
    2011-10-24 06:19:56 -------- d-----w- c:\users\ruth\appdata\local\{58D6248D-3FDF-4A34-B2C4-A0F5717EFD0A}
    2011-10-24 06:19:45 -------- d-----w- c:\users\ruth\appdata\local\{F85AF369-C569-4349-A32E-92CD000180CA}
    2011-10-23 17:46:38 -------- d-----w- c:\users\ruth\appdata\local\{38EBE4B7-B5C8-4AC9-8C38-3AEC6F6D2861}
    2011-10-23 17:46:23 -------- d-----w- c:\users\ruth\appdata\local\{D1DCF563-7906-42F2-92CB-5434C8672F42}
    2011-10-23 15:27:19 -------- d--h--w- C:\$AVG
    2011-10-23 14:10:21 -------- d-----w- c:\users\ruth\appdata\roaming\AVG2012
    2011-10-23 14:06:47 -------- d--h--w- c:\programdata\Common Files
    2011-10-23 14:04:25 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-23 14:04:25 -------- d-----w- c:\programdata\AVG2012
    2011-10-23 14:02:25 -------- d-----w- c:\program files\AVG
    2011-10-23 13:52:16 -------- d-----w- c:\programdata\MFAData
    2011-10-22 15:03:33 -------- d-----w- c:\users\ruth\appdata\local\{117221FA-2ED8-4B25-9861-36D4DD245A62}
    2011-10-22 15:03:21 -------- d-----w- c:\users\ruth\appdata\local\{8743F368-4441-470A-A7C9-2D9EAF904E97}
    2011-10-22 13:18:06 -------- d-----w- c:\users\ruth\appdata\local\{5E4968A3-4D57-431A-A3B1-1AB1CECDF090}
    2011-10-22 13:17:53 -------- d-----w- c:\users\ruth\appdata\local\{D6965C86-C7AF-4EFF-92B5-20DFFE3A7F3B}
    2011-10-22 10:45:46 -------- d-----w- c:\users\ruth\appdata\local\{0F45FB4E-F88C-4ED1-9C53-7BA53FBD7EDA}
    2011-10-22 10:45:32 -------- d-----w- c:\users\ruth\appdata\local\{F4A08E2D-2546-428A-8B96-F08291E30B36}
    2011-10-22 00:03:51 -------- d-----w- c:\users\ruth\appdata\local\{99BD57BA-3EEC-46E2-9171-43ABC3ED9A1A}
    2011-10-22 00:03:38 -------- d-----w- c:\users\ruth\appdata\local\{D69FBC86-D08E-4A60-AA4E-04D838D861F2}
    2011-10-20 12:09:05 -------- d-----w- c:\users\ruth\appdata\local\{1A43F5F4-901D-4A79-9611-8A936E97EA54}
    2011-10-20 12:08:53 -------- d-----w- c:\users\ruth\appdata\local\{57CB54F8-BA0D-4D9F-A18C-62821CFBFF5A}
    2011-10-20 07:05:04 -------- d-----w- c:\users\ruth\appdata\local\{5D8A2BAD-3E93-4636-BD29-83994FDB0C7A}
    2011-10-20 07:04:48 -------- d-----w- c:\users\ruth\appdata\local\{50A9D270-4F73-4FD5-9FFA-D859ED6E5CBA}
    2011-10-19 16:47:23 -------- d-----w- c:\users\ruth\appdata\local\{B05B42FF-EF67-45D4-B7FE-221150BFCE2E}
    2011-10-19 16:47:10 -------- d-----w- c:\users\ruth\appdata\local\{3B51C4BD-973D-498D-B3F2-807610267168}
    2011-10-19 11:16:00 -------- d-----w- c:\users\ruth\appdata\local\{223D7EB6-6C06-411C-BA75-2B266F88A7A1}
    2011-10-19 11:15:48 -------- d-----w- c:\users\ruth\appdata\local\{F7A7104C-86C0-4856-98B1-CD9D009CF8CB}
    2011-10-19 08:48:41 -------- d-----w- c:\users\ruth\appdata\local\{ADA6D4F2-59C1-48BB-ACDF-6193FAED948B}
    2011-10-19 08:48:25 -------- d-----w- c:\users\ruth\appdata\local\{51A4709A-EFB9-4815-A4F6-2C8D79D97172}
    2011-10-19 07:12:27 -------- d-----w- c:\users\ruth\appdata\local\{807826F7-9B94-4EC5-B606-4CD5BB1071CF}
    2011-10-19 07:12:23 -------- d-----w- c:\users\ruth\appdata\local\{B25FC88D-CCAD-4698-922C-C0D1A5C30A2E}
    2011-10-19 06:32:44 -------- d-----w- c:\users\ruth\appdata\roaming\18456
    2011-10-19 06:32:12 -------- d-----w- c:\users\ruth\appdata\roaming\E4E18
    2011-10-18 07:39:16 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9db5ca13-9057-4805-b63b-cc6df297c727}\mpengine.dll
    2011-10-18 07:35:21 -------- d-----w- c:\users\ruth\appdata\local\{D3753594-CCB7-4BAF-96E2-98AB1BE313D1}
    2011-10-18 07:35:06 -------- d-----w- c:\users\ruth\appdata\local\{D600908C-A5EA-40DF-A6BA-BB27C0CE8365}
    2011-10-17 06:42:18 -------- d-----w- c:\users\ruth\appdata\local\{2CEF42B4-5DE1-4ECF-BAF9-883D51515D4E}
    2011-10-17 06:42:07 -------- d-----w- c:\users\ruth\appdata\local\{5D99C092-7511-43DE-802B-FE6C243738DE}
    2011-10-16 19:39:27 -------- d-----w- c:\users\ruth\appdata\local\{5ECEAC93-DAD9-4BF0-B33C-9F00B34462B8}
    2011-10-16 19:39:10 -------- d-----w- c:\users\ruth\appdata\local\{B2F1ABA7-FFEC-4DC1-94A6-38020811BCB9}
    2011-10-16 09:24:39 -------- d-----w- c:\users\ruth\appdata\local\{67791A5C-3EC9-408A-909C-C4CA7D64B7FE}
    2011-10-16 09:24:27 -------- d-----w- c:\users\ruth\appdata\local\{80B36934-8E37-4820-A464-E95F4C31D475}
    2011-10-15 08:47:18 -------- d-----w- c:\users\ruth\appdata\local\{F34FB006-19BF-42FC-AD45-3E33BEC3E78D}
    2011-10-15 08:47:06 -------- d-----w- c:\users\ruth\appdata\local\{D48A2DEE-19D5-473E-B43B-6F7537A3716D}
    .
    ==================== Find3M ====================
    .
    2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 06:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
    2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-19 20:15:14 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-09-18 08:25:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-09-13 18:23:53 737280 ----a-w- c:\windows\iun6002.exe
    2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-23 06:49:13 88704 ----a-w- c:\windows\system32\packet.dll
    2011-08-23 06:49:13 42512 ----a-w- c:\windows\system32\drivers\npf.sys
    2011-08-23 06:49:13 240240 ----a-w- c:\windows\system32\wpcap.dll
    2011-08-15 20:22:48 1 ----a-w- c:\windows\system32\SI.bin
    .
    ============= FINISH: 14:44:27.39 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-13 16:07:13
    Windows 6.0.6002 Service Pack 2
    Running: dxh1gh7k.exe; Driver: C:\Users\ruth\AppData\Local\Temp\kwtdrpow.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0x59 0x20 0x4B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x06 0xB8 0x68 0xC6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0x59 0x20 0x4B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x06 0xB8 0x68 0xC6 ...

    ---- EOF - GMER 1.0.15 ----
     

  2. dave5151

    dave5151 Thread Starter

    Joined:
    Nov 13, 2011
    Messages:
    4
    Can someone please please help
     
  3. dave5151

    dave5151 Thread Starter

    Joined:
    Nov 13, 2011
    Messages:
    4
    I know I was told to allow up to 48 hours for a reply but it's been 5 days now.
     
Short URL to this thread: https://techguy.org/1026719
