Browser Hijack

dave5151 (Thread Starter; joined Nov 13, 2011; messages: 4)

My Advent laptop has been displaying some strange symptoms lately. My internet browsers keep taking me to random incorrect pages. I keep getting a balloon popping up regularly saying that Internet Explorer has been closed even when I'm not running Internet Explorer. The laptop's performance is slower than usual. I have run several different anti-malware/spyware programs and AVG Anti-Virus. They pick many malicious items up and I remove them when found; however, the problem still remains. Please find the requested logs below.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz, x64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 1912 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 828 Mb
Hard Drives: C: Total - 227472 MB, Free - 82998 MB; D: Total - 476937 MB, Free - 7496 MB; S: Total - 1499 MB, Free - 1355 MB;
Motherboard: DIXONSXP, DIXONSXP
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:44, on 13/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/accmeware/{19F78C31-D6B2-4866-83A9-907CE37862C5}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7750 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by ruth at 14:35:37 on 2011-11-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1912.664 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitComet\tools\BitCometService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar = Preserve
uStart Page = hxxp://www.searchqu.com/
mStart Page = hxxp://www.bigseekpro.com/accmeware/{19F78C31-D6B2-4866-83A9-907CE37862C5}
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NPSStartup]
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A5790F50-359C-4CDA-860C-8C52371F6BC3} : DhcpNameServer = 10.10.10.254
TCP: Interfaces\{F1F4E4EA-2DA5-489F-9231-3BA279D90DD6} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\5ueciwiq.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\users\ruth\appdata\roaming\mozilla\firefox\profiles\5ueciwiq.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ruth\appdata\locallow\sony online entertainment\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-19 232512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-1-18 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-6 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-18 36608]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-22 112128]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-22 3658752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-8-23 42512]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-7 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-7 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-7 121856]
.
=============== Created Last 30 ================
.
2011-11-13 14:32:36 388096 ----a-r- c:\users\ruth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-13 14:32:35 -------- d-----w- c:\program files\Trend Micro
2011-11-13 09:02:31 -------- d-----w- c:\users\ruth\appdata\local\{90200D1B-66A8-4B6B-82DB-8398C8D0430A}
2011-11-13 09:02:19 -------- d-----w- c:\users\ruth\appdata\local\{2F9DBFC6-39BA-42C1-A995-F83D7A7A707E}
2011-11-12 20:30:44 -------- d-----w- c:\users\ruth\appdata\local\{F8319567-C446-41C4-BA7B-172B40EB7CCD}
2011-11-12 20:30:30 -------- d-----w- c:\users\ruth\appdata\local\{0F6C95BF-DC07-48F0-8090-81571E5E0A36}
2011-11-11 17:17:28 -------- d-----w- c:\users\ruth\appdata\local\Adobe
2011-11-11 07:40:28 -------- d-----w- c:\users\ruth\appdata\local\Ahead
2011-11-09 07:35:41 -------- d-----w- c:\users\ruth\appdata\local\{B69F4D32-E457-4D47-9370-2539359419AD}
2011-11-09 07:35:28 -------- d-----w- c:\users\ruth\appdata\local\{4AF19D17-1DA2-43C1-829D-E12CBB7C6DBD}
2011-11-09 07:23:00 -------- d-----w- c:\users\ruth\appdata\local\{16A20BC4-BAD6-4222-8FC8-672B5CA2A7BA}
2011-11-09 07:22:48 -------- d-----w- c:\users\ruth\appdata\local\{02B668F3-14C4-46D4-BDC7-50C12A15CCBD}
2011-11-09 07:21:59 -------- d-----w- c:\users\ruth\appdata\local\{77216E07-02EB-4C17-8953-65E3877D29BE}
2011-11-09 07:21:44 -------- d-----w- c:\users\ruth\appdata\local\{9ADA3B85-5513-45C5-BD8C-91C3FBAE0E40}
2011-11-09 07:14:51 -------- d-----w- c:\users\ruth\appdata\local\{4AF3AA0D-8AF2-47CE-BD8F-A1CC1EF7A56F}
2011-11-09 07:14:40 -------- d-----w- c:\users\ruth\appdata\local\{5482CD5F-255C-421E-B881-7C4119DCA792}
2011-11-09 07:07:02 -------- d-----w- c:\users\ruth\appdata\local\{B1163525-F91A-494C-9889-6098CFEB5189}
2011-11-09 07:06:48 -------- d-----w- c:\users\ruth\appdata\local\{0F6613E7-C33A-452F-A8C0-7D34927EB0F9}
2011-11-09 07:01:24 -------- d-----w- c:\users\ruth\appdata\local\{3FBE148B-9867-4F53-B6BB-35E7DFD0620E}
2011-11-09 07:01:11 -------- d-----w- c:\users\ruth\appdata\local\{D0EAA0A7-E314-4F7B-B33C-C1AFC9D83AA7}
2011-11-09 06:56:52 -------- d-----w- c:\users\ruth\appdata\local\{FB46B25C-1C0C-47EA-89EB-DC4801D96D1F}
2011-11-09 06:56:34 -------- d-----w- c:\users\ruth\appdata\local\{CFA349E2-B4A6-4082-AB82-EE3F258105C2}
2011-11-09 06:49:14 -------- d-----w- c:\users\ruth\appdata\local\{0C2FC49F-3101-442B-A152-9A0D5559DF48}
2011-11-09 06:48:37 -------- d-----w- c:\users\ruth\appdata\local\{445F9E64-A474-4462-B83A-B014AE711C4A}
2011-11-09 06:44:03 -------- d-----w- c:\users\ruth\appdata\local\{62CBAD3D-5528-4C1B-A07D-EFF4ECC57A57}
2011-11-09 06:43:49 -------- d-----w- c:\users\ruth\appdata\local\{09A4E227-E81E-43D3-B7E1-4D8729839953}
2011-11-08 20:47:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-08 20:46:42 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:46:41 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-08 20:46:39 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-07 00:14:05 -------- d-----w- c:\users\ruth\appdata\local\{C489D2D8-3BD5-4C61-89A1-DFBC019B4C63}
2011-11-07 00:13:43 -------- d-----w- c:\users\ruth\appdata\local\{F7B7C18B-3DBB-48C8-B336-0AE50D08A085}
2011-11-06 10:48:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-06 10:48:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-06 10:41:56 -------- d-----w- c:\users\ruth\appdata\local\{C27270CD-5340-42BD-8EDA-58FC8ECA5FE7}
2011-11-05 09:35:43 -------- d-----w- c:\users\ruth\appdata\local\{017D0029-0AAE-4AE2-8641-ACE599F8FDCC}
2011-11-05 09:35:30 -------- d-----w- c:\users\ruth\appdata\local\{F065EB67-303D-4E5C-9C93-DF5BC9A022A5}
2011-11-04 09:03:31 -------- d-----w- c:\users\ruth\appdata\local\{DAD19011-4C8F-44BA-B786-9F6C0E4A0355}
2011-11-04 09:03:17 -------- d-----w- c:\users\ruth\appdata\local\{EC45CB91-8D35-413B-9150-F2910BE5F477}
2011-11-04 09:02:08 -------- d-----w- c:\users\ruth\appdata\local\{D7C50FB0-8031-4BCB-A1EA-B3B47823CA52}
2011-11-04 09:01:54 -------- d-----w- c:\users\ruth\appdata\local\{73E965E0-D412-490F-8877-F5E9ADCD438F}
2011-11-04 08:56:13 -------- d-----w- c:\users\ruth\appdata\local\{3B1CA4B2-A42B-4FDA-AB72-1B79356D9EC8}
2011-11-04 08:55:55 -------- d-----w- c:\users\ruth\appdata\local\{B4DA8312-28E7-4E2D-8BEF-CA40D373713A}
2011-11-03 08:33:33 -------- d-----w- c:\users\ruth\appdata\local\{D5BA4D23-0D20-47B9-AE04-2FF3C1AC4D48}
2011-11-02 15:45:31 -------- d-----w- c:\users\ruth\appdata\local\{A1448EEA-905F-4610-B467-06F0E28B8C01}
2011-11-02 15:45:17 -------- d-----w- c:\users\ruth\appdata\local\{85CDD942-667C-47BD-B561-98E951B07406}
2011-11-02 12:04:35 -------- d-----w- c:\users\ruth\appdata\local\{56E0673D-F1BD-4AA1-BA6F-7318CCEA11BB}
2011-11-02 12:04:23 -------- d-----w- c:\users\ruth\appdata\local\{D5934923-E082-40DE-BE2B-DE20FE6F12C6}
2011-11-01 22:54:27 -------- d-----w- c:\users\ruth\appdata\local\{2FD5CEBC-BEE8-4146-BE28-11E6A371FB1E}
2011-11-01 22:54:15 -------- d-----w- c:\users\ruth\appdata\local\{6351AD56-EDF0-42A1-91EF-0798BA125A03}
2011-11-01 21:59:30 -------- d-----w- c:\users\ruth\appdata\local\{D862E661-D0E2-4ECD-A64E-E56503B18275}
2011-11-01 21:59:16 -------- d-----w- c:\users\ruth\appdata\local\{177F74C8-C5EC-43DC-9140-EE18C030E30C}
2011-11-01 21:36:57 -------- d-----w- c:\users\ruth\appdata\local\{803BBD9D-695D-4428-9B80-7EB8A1DCE47C}
2011-11-01 21:36:43 -------- d-----w- c:\users\ruth\appdata\local\{AD52FC06-1C6E-4644-8F7E-1499D1F7DF44}
2011-11-01 21:29:34 -------- d-----w- c:\users\ruth\appdata\local\{1AD48A46-A6BB-4110-9255-10FD315C9539}
2011-11-01 21:29:23 -------- d-----w- c:\users\ruth\appdata\local\{764E024A-7455-42AF-AF1F-7CC2E9889C71}
2011-10-31 20:38:11 -------- d-----w- c:\program files\CCleaner
2011-10-31 14:49:08 -------- d-----w- c:\users\ruth\appdata\local\{58AA1B7C-F9AF-4DAC-BA73-E093FAA6950D}
2011-10-31 14:48:56 -------- d-----w- c:\users\ruth\appdata\local\{D2E0866A-2B55-4F97-AD59-4BD90D75E11C}
2011-10-31 14:46:18 -------- d-----w- c:\users\ruth\appdata\local\{23329F71-F3B6-4512-BC23-7F15E72AEA7C}
2011-10-31 14:46:04 -------- d-----w- c:\users\ruth\appdata\local\{5FDE6076-33F2-4A33-828C-3A151DEB025A}
2011-10-31 10:17:21 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-31 08:06:58 -------- d-----w- c:\users\ruth\appdata\local\{39A59147-7B35-4874-987F-A922A34EE9C4}
2011-10-31 08:06:46 -------- d-----w- c:\users\ruth\appdata\local\{4D073900-BF85-4502-A520-467FAE4416F4}
2011-10-31 08:04:22 -------- d-----w- c:\users\ruth\appdata\local\{F9CB665C-20CC-4777-AEFE-BC9B5C8B7939}
2011-10-31 08:04:10 -------- d-----w- c:\users\ruth\appdata\local\{0CB1874F-E991-4254-88A6-DD237264D4A4}
2011-10-31 07:58:42 -------- d-----w- c:\users\ruth\appdata\local\{A3C14FA0-027B-4167-9D33-7A3DB64781B2}
2011-10-31 07:55:58 -------- d-----w- c:\users\ruth\appdata\local\{8D61F8FB-4A8A-4F7E-8AE0-900F07BD72C1}
2011-10-31 07:49:19 -------- d-----w- c:\users\ruth\appdata\local\{47D9F2CF-68CE-4F52-B12B-23771FB4BD73}
2011-10-31 07:48:54 -------- d-----w- c:\users\ruth\appdata\local\{C50929D2-DA46-4D0D-80A9-0BD299479B77}
2011-10-31 07:47:45 -------- d-----w- c:\users\ruth\appdata\local\{4A9A7688-3E13-45B9-A960-829DA70D66C9}
2011-10-31 07:47:33 -------- d-----w- c:\users\ruth\appdata\local\{A1F55D73-AA28-4BA6-8910-5735852061A0}
2011-10-30 21:29:08 -------- d-----w- c:\users\ruth\appdata\local\{F427A2A0-2A42-46C6-BD07-AC3D4AEFE1B6}
2011-10-30 21:28:52 -------- d-----w- c:\users\ruth\appdata\local\{19620702-A38E-4AD4-8073-1A1388BE5876}
2011-10-30 10:46:39 -------- d-----w- c:\users\ruth\appdata\local\{31D3C9A1-68F3-4BE7-941D-9D569904BE05}
2011-10-30 10:46:25 -------- d-----w- c:\users\ruth\appdata\local\{61E48961-D7AB-43F2-B1A0-5AAE3B24518D}
2011-10-29 11:57:12 -------- d-----w- c:\users\ruth\appdata\local\{1E2B0580-D82F-4373-AD50-448AACAA37CD}
2011-10-29 11:57:00 -------- d-----w- c:\users\ruth\appdata\local\{530FF71A-5C37-4FC6-9D0B-B16857417FBE}
2011-10-29 10:16:06 -------- d-----w- c:\users\ruth\appdata\local\{4C98544C-FF68-41FC-8252-199341E60094}
2011-10-29 10:15:09 -------- d-----w- c:\users\ruth\appdata\local\{3B8215F7-784D-4D86-A3F6-C3E59FBF44B6}
2011-10-29 10:14:53 -------- d-----w- c:\users\ruth\appdata\local\{E8DDD471-E472-4DA0-BF48-CA442D4E689A}
2011-10-29 10:14:37 -------- d-----w- c:\users\ruth\appdata\local\{F7D40799-A570-41D3-92BB-DF27FCB10375}
2011-10-28 08:31:07 -------- d-----w- c:\users\ruth\appdata\local\{F26C49A2-7760-4E76-A730-8FD7A5FE991B}
2011-10-28 08:30:56 -------- d-----w- c:\users\ruth\appdata\local\{938D5287-83B5-4AB4-8C8C-CF2DCFBE7357}
2011-10-27 10:18:19 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-27 10:03:15 -------- d-----w- c:\users\ruth\appdata\local\{4A4F66F4-0D60-411E-AA91-5499B6E1FC69}
2011-10-27 10:02:56 -------- d-----w- c:\users\ruth\appdata\local\{EE9ADAFA-A35A-4CF2-8DA7-D62334CFCDD0}
2011-10-25 03:42:12 -------- d-----w- c:\users\ruth\appdata\local\{6275F722-391D-402F-AD8E-60776402313A}
2011-10-25 03:41:31 -------- d-----w- c:\users\ruth\appdata\local\{9AF5A1FD-A8D2-4417-9912-11930B87B19B}
2011-10-24 12:58:20 -------- d-----w- c:\users\ruth\appdata\local\{1A5BBF15-1DE7-4478-8598-D03B7E8152F5}
2011-10-24 12:58:07 -------- d-----w- c:\users\ruth\appdata\local\{0D175238-92D6-4BA0-8B3D-C435E9ED338C}
2011-10-24 06:19:56 -------- d-----w- c:\users\ruth\appdata\local\{58D6248D-3FDF-4A34-B2C4-A0F5717EFD0A}
2011-10-24 06:19:45 -------- d-----w- c:\users\ruth\appdata\local\{F85AF369-C569-4349-A32E-92CD000180CA}
2011-10-23 17:46:38 -------- d-----w- c:\users\ruth\appdata\local\{38EBE4B7-B5C8-4AC9-8C38-3AEC6F6D2861}
2011-10-23 17:46:23 -------- d-----w- c:\users\ruth\appdata\local\{D1DCF563-7906-42F2-92CB-5434C8672F42}
2011-10-23 15:27:19 -------- d--h--w- C:\$AVG
2011-10-23 14:10:21 -------- d-----w- c:\users\ruth\appdata\roaming\AVG2012
2011-10-23 14:06:47 -------- d--h--w- c:\programdata\Common Files
2011-10-23 14:04:25 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-23 14:04:25 -------- d-----w- c:\programdata\AVG2012
2011-10-23 14:02:25 -------- d-----w- c:\program files\AVG
2011-10-23 13:52:16 -------- d-----w- c:\programdata\MFAData
2011-10-22 15:03:33 -------- d-----w- c:\users\ruth\appdata\local\{117221FA-2ED8-4B25-9861-36D4DD245A62}
2011-10-22 15:03:21 -------- d-----w- c:\users\ruth\appdata\local\{8743F368-4441-470A-A7C9-2D9EAF904E97}
2011-10-22 13:18:06 -------- d-----w- c:\users\ruth\appdata\local\{5E4968A3-4D57-431A-A3B1-1AB1CECDF090}
2011-10-22 13:17:53 -------- d-----w- c:\users\ruth\appdata\local\{D6965C86-C7AF-4EFF-92B5-20DFFE3A7F3B}
2011-10-22 10:45:46 -------- d-----w- c:\users\ruth\appdata\local\{0F45FB4E-F88C-4ED1-9C53-7BA53FBD7EDA}
2011-10-22 10:45:32 -------- d-----w- c:\users\ruth\appdata\local\{F4A08E2D-2546-428A-8B96-F08291E30B36}
2011-10-22 00:03:51 -------- d-----w- c:\users\ruth\appdata\local\{99BD57BA-3EEC-46E2-9171-43ABC3ED9A1A}
2011-10-22 00:03:38 -------- d-----w- c:\users\ruth\appdata\local\{D69FBC86-D08E-4A60-AA4E-04D838D861F2}
2011-10-20 12:09:05 -------- d-----w- c:\users\ruth\appdata\local\{1A43F5F4-901D-4A79-9611-8A936E97EA54}
2011-10-20 12:08:53 -------- d-----w- c:\users\ruth\appdata\local\{57CB54F8-BA0D-4D9F-A18C-62821CFBFF5A}
2011-10-20 07:05:04 -------- d-----w- c:\users\ruth\appdata\local\{5D8A2BAD-3E93-4636-BD29-83994FDB0C7A}
2011-10-20 07:04:48 -------- d-----w- c:\users\ruth\appdata\local\{50A9D270-4F73-4FD5-9FFA-D859ED6E5CBA}
2011-10-19 16:47:23 -------- d-----w- c:\users\ruth\appdata\local\{B05B42FF-EF67-45D4-B7FE-221150BFCE2E}
2011-10-19 16:47:10 -------- d-----w- c:\users\ruth\appdata\local\{3B51C4BD-973D-498D-B3F2-807610267168}
2011-10-19 11:16:00 -------- d-----w- c:\users\ruth\appdata\local\{223D7EB6-6C06-411C-BA75-2B266F88A7A1}
2011-10-19 11:15:48 -------- d-----w- c:\users\ruth\appdata\local\{F7A7104C-86C0-4856-98B1-CD9D009CF8CB}
2011-10-19 08:48:41 -------- d-----w- c:\users\ruth\appdata\local\{ADA6D4F2-59C1-48BB-ACDF-6193FAED948B}
2011-10-19 08:48:25 -------- d-----w- c:\users\ruth\appdata\local\{51A4709A-EFB9-4815-A4F6-2C8D79D97172}
2011-10-19 07:12:27 -------- d-----w- c:\users\ruth\appdata\local\{807826F7-9B94-4EC5-B606-4CD5BB1071CF}
2011-10-19 07:12:23 -------- d-----w- c:\users\ruth\appdata\local\{B25FC88D-CCAD-4698-922C-C0D1A5C30A2E}
2011-10-19 06:32:44 -------- d-----w- c:\users\ruth\appdata\roaming\18456
2011-10-19 06:32:12 -------- d-----w- c:\users\ruth\appdata\roaming\E4E18
2011-10-18 07:39:16 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9db5ca13-9057-4805-b63b-cc6df297c727}\mpengine.dll
2011-10-18 07:35:21 -------- d-----w- c:\users\ruth\appdata\local\{D3753594-CCB7-4BAF-96E2-98AB1BE313D1}
2011-10-18 07:35:06 -------- d-----w- c:\users\ruth\appdata\local\{D600908C-A5EA-40DF-A6BA-BB27C0CE8365}
2011-10-17 06:42:18 -------- d-----w- c:\users\ruth\appdata\local\{2CEF42B4-5DE1-4ECF-BAF9-883D51515D4E}
2011-10-17 06:42:07 -------- d-----w- c:\users\ruth\appdata\local\{5D99C092-7511-43DE-802B-FE6C243738DE}
2011-10-16 19:39:27 -------- d-----w- c:\users\ruth\appdata\local\{5ECEAC93-DAD9-4BF0-B33C-9F00B34462B8}
2011-10-16 19:39:10 -------- d-----w- c:\users\ruth\appdata\local\{B2F1ABA7-FFEC-4DC1-94A6-38020811BCB9}
2011-10-16 09:24:39 -------- d-----w- c:\users\ruth\appdata\local\{67791A5C-3EC9-408A-909C-C4CA7D64B7FE}
2011-10-16 09:24:27 -------- d-----w- c:\users\ruth\appdata\local\{80B36934-8E37-4820-A464-E95F4C31D475}
2011-10-15 08:47:18 -------- d-----w- c:\users\ruth\appdata\local\{F34FB006-19BF-42FC-AD45-3E33BEC3E78D}
2011-10-15 08:47:06 -------- d-----w- c:\users\ruth\appdata\local\{D48A2DEE-19D5-473E-B43B-6F7537A3716D}
.
==================== Find3M ====================
.
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-19 20:15:14 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-18 08:25:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-09-13 18:23:53 737280 ----a-w- c:\windows\iun6002.exe
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-23 06:49:13 88704 ----a-w- c:\windows\system32\packet.dll
2011-08-23 06:49:13 42512 ----a-w- c:\windows\system32\drivers\npf.sys
2011-08-23 06:49:13 240240 ----a-w- c:\windows\system32\wpcap.dll
2011-08-15 20:22:48 1 ----a-w- c:\windows\system32\SI.bin
.
============= FINISH: 14:44:27.39 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-13 16:07:13
Windows 6.0.6002 Service Pack 2
Running: dxh1gh7k.exe; Driver: C:\Users\ruth\AppData\Local\Temp\kwtdrpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0x59 0x20 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x06 0xB8 0x68 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x4C 0x59 0x20 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x06 0xB8 0x68 0xC6 ...

---- EOF - GMER 1.0.15 ----
 


dave5151

Thread Starter
Joined
Nov 13, 2011
Messages
4
I know I was told to allow up to 48 hours for a reply, but it's been 5 days now.
 