[Closed- piracy] Does any malware remain?

Status
Not open for further replies.
K

kaibeau

Posts: 15   +0
I have manged to remove 2 infections, and I am wanting to know if my system is clean? Can you please help.
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: INTELDESKTOP [administrator]

7/03/2012 9:57:58 PM
mbam-log-2012-03-07 (21-57-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206406
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-07 23:40:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3250310AS rev.3.AAF
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\pwddqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9D9EAF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9D9EAFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9D9EB080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9D9EB11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83245369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 83286054 4 Bytes [3C, AF, 9E, 9D] {CMP AL, 0xaf; SAHF ; POPF }
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 83286324 8 Bytes [E4, AF, 9E, 9D, 80, B0, 9E, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 83286398 4 Bytes [1C, B1, 9E, 9D] {SBB AL, 0xb1; SAHF ; POPF }
? system32\drivers\51150320.sys The system cannot find the path specified. !
? C:\Users\User\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!DialogBoxParamW 76813B9B 5 Bytes JMP 7261170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!DialogBoxIndirectParamW 76823B7F 5 Bytes JMP 72806336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!DialogBoxParamA 7683CF42 5 Bytes JMP 728062D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!DialogBoxIndirectParamA 7683D274 5 Bytes JMP 7280639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!MessageBoxIndirectA 7684E869 5 Bytes JMP 72806258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!MessageBoxIndirectW 7684E963 5 Bytes JMP 728061DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!MessageBoxExA 7684E9C9 5 Bytes JMP 7280617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4944] USER32.dll!MessageBoxExW 7684E9ED 5 Bytes JMP 72806117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateWindowExA 767FBF40 5 Bytes JMP 72683363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!IsDialogMessageW 76804104 5 Bytes JMP 72806E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogParamA 76811F42 5 Bytes JMP 72806668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!IsDialogMessage 76812019 5 Bytes JMP 72806DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxParamW 76813B9B 5 Bytes JMP 7261170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogIndirectParamA 7681721D 5 Bytes JMP 728066D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogIndirectParamW 7681EA10 5 Bytes JMP 72806710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxIndirectParamW 76823B7F 5 Bytes JMP 72806336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!EndDialog 76823BA3 5 Bytes JMP 728070B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogParamW 76825630 5 Bytes JMP 728066A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SetKeyboardState 7682695A 5 Bytes JMP 728076D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SendInput 76827019 5 Bytes JMP 72807679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SetCursorPos 7683C1B0 5 Bytes JMP 72807752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxParamA 7683CF42 5 Bytes JMP 728062D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxIndirectParamA 7683D274 5 Bytes JMP 7280639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxIndirectA 7684E869 5 Bytes JMP 72806258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxIndirectW 7684E963 5 Bytes JMP 728061DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxExA 7684E9C9 5 Bytes JMP 7280617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxExW 7684E9ED 5 Bytes JMP 72806117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!keybd_event 7684EC3B 5 Bytes JMP 72807636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] SHELL32.dll!RealDriveType + 173D 753FFDD0 4 Bytes [CF, 01, 4A, 6E] {IRET ; ADD [EDX+0x6e], ECX}
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] SHELL32.dll!RealDriveType + 1745 753FFDD8 8 Bytes [E0, 61, 49, 6E, 79, F7, 49, ...] {LOOPNZ 0x63; DEC ECX; OUTSB ; JNS 0xfffffffffffffffd; DEC ECX; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5232] ole32.dll!OleLoadFromStream 76946143 5 Bytes JMP 72806B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B02437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73AE5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73AE56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B024B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73AF8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73AF4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73AF506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73AF5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73AF6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73AF826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73AF87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73AF901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73AFE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AF4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6FC911EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[396] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe[2060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe[2060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe[2060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe[2060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe[2060] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F2FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E4A029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E495EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E4A7F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E4AF500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E4AF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E4B07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E4AFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6E495E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4AABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E494E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E4963E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4AB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E496D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E4ABC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E4AC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E4A029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E494E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E495EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E4963E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E494E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E4AC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E4AE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E4AAA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4AABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4AB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E496D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E495EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E4AFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E4B07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E4A939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E4963E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E4A029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E495F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E4A9229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E49F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6E495E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E4A0ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E4AF2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E4AF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E4B072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E4AF9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E4B1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E4B1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E49FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E4B1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E49F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E49FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E4B1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E4B1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E4B12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E4B0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E4A0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E4B1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E4B194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6E4B1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6E49F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6E49F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6E4B27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E4B136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E4B1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E4B0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E4B2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6E49F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E4B2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E497430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E49F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E49E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E495D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E4B140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E4B1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E4B1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E4A0123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E4B218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E4B1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6E49FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E4B19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E49FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer
 
Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E4B20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E4B2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E4B2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E4B0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E494927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E4B0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E49FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E4B18A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E4B1CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E4B171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E4B17B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E494984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E4A8C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E4ACB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E4AD6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E4AD11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E496D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E4AC49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4AB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E4AB245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E4AA89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E4AE0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E494E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4AABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E4AA249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E4A9AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E4AE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E4AE089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E4A9F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E4ABC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E4AA56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E494E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E496D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E49F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E4B1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E4B2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E4B2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E4B2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E4A0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [6E4964C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E494CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E494927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E494984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E496528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5232] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E4947BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB34627$\408620344 0 bytes
File C:\Windows\$NtUninstallKB34627$\45778425 0 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\@ 2048 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\cfg.ini 299 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\L 0 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\L\akoeejgn 78336 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\oemid 211 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U 0 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB34627$\45778425\version 858 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by User at 6:18:30 on 2012-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3549.2479 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\twain_32\D66U\D066UUTY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
uRun: [CAHeadless] c:\program files\adobe\elements 10 organizer\caheadless\ElementsAutoAnalyzer.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink dvd solution\powerdvd\language\Language.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [D066UUtility] c:\windows\twain_32\d66u\D066UUTY.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C2911F30-4CB2-42EA-A337-4BD2DDBC966A} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{FE566201-9C78-42D5-956A-4EB2951E7FA3} : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\wn5wmovi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&babsrc=adbartrp&mntrId=eca82b9e0000000000005404a64a9ed6&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user\appdata\roaming\vuzestream\netscapeplugin1.0.2.9\npVuzeStream.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - eca82b9e0000000000005404a64a9ed6
FF - user.js: extensions.BabylonToolbar_i.hardId - eca82b9e0000000000005404a64a9ed6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15400
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.177:12:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-9-15 39472]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-6 11448]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-31 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-31 234888]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-2-22 69232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avhook;Webdriveservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fssfltr;CTERFXFX.DLL;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 iksyssec;Nidomainservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mclserviceatl;Ktp;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 ofcservice;Mcdetect.exe;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]
.
=============== Created Last 30 ================
.
2012-03-07 11:24:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-07 10:53:28 102400 ----a-w- c:\windows\RegBootClean.exe
2012-03-07 10:11:29 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-07 01:55:06 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-03-06 13:58:08 -------- d-----w- c:\users\user\.ufsxsci
2012-03-06 13:58:07 -------- d-----w- c:\program files\Data Recovery
2012-03-06 02:12:51 -------- d-----w- c:\users\user\appdata\roaming\Usenet.nl
2012-03-06 02:12:46 -------- d-----w- c:\program files\Usenet.nl
2012-03-05 06:02:47 -------- d-----w- c:\users\user\appdata\roaming\Remote
2012-03-05 05:52:43 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-04 23:03:09 -------- d-----w- c:\users\user\appdata\local\Ilivid Player
2012-03-04 22:51:19 -------- d-----w- c:\users\user\appdata\local\PackageAware
2012-03-02 12:43:26 -------- d-----w- c:\program files\fbphotozoom
2012-03-01 21:12:01 -------- d-----w- c:\users\user\appdata\local\Babylon
2012-03-01 21:11:58 -------- d-----w- c:\programdata\Babylon
2012-03-01 21:11:57 -------- d-----w- c:\users\user\appdata\roaming\Babylon
2012-03-01 21:11:56 -------- d-----w- c:\programdata\Premium
2012-03-01 21:11:47 -------- d-----w- c:\programdata\TheBflix
2012-03-01 21:10:16 -------- d-----w- c:\programdata\InstallMate
2012-02-29 06:21:43 -------- d-----w- c:\program files\pdf995
2012-02-26 16:34:32 -------- d-----w- c:\program files\DiskInternals
2012-02-26 14:23:55 60352 ----a-w- c:\windows\system32\drivers\ifsmount.sys
2012-02-26 14:23:55 189888 ----a-w- c:\windows\system32\drivers\ext2fs.sys
2012-02-26 14:23:54 77760 ----a-w- c:\windows\system32\ifsdrives.exe
2012-02-26 14:23:54 210432 ----a-w- c:\windows\system32\ifsdrives.dll
2012-02-25 01:16:12 24576 ----a-r- c:\windows\system32\AsIO.dll
2012-02-25 01:16:12 11296 ----a-r- c:\windows\system32\drivers\AsIO.sys
2012-02-25 01:16:02 -------- d-----w- c:\program files\ASUS
2012-02-22 12:25:30 -------- d-----w- c:\windows\system32\RTCOM
2012-02-22 12:23:58 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-02-22 08:08:07 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-22 07:53:48 -------- d-----w- C:\ComboFix
2012-02-22 05:48:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-22 05:48:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-22 05:48:49 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-22 05:48:47 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-22 03:40:20 95232 ----a-w- c:\windows\system32\hccutils.dll
2012-02-22 03:40:20 59392 ----a-w- c:\windows\system32\oemdspif.dll
2012-02-22 03:40:20 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-22 03:40:20 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2012-02-22 03:40:19 672792 ----a-w- c:\windows\system32\igfxcfg.exe
2012-02-22 03:40:19 3839488 ----a-w- c:\windows\system32\ig4dev32.dll
2012-02-22 03:40:19 228864 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-22 03:40:19 155648 ----a-w- c:\windows\system32\igfxCoIn_v1851.dll
2012-02-22 03:40:18 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-02-22 03:39:58 134592 ----a-w- c:\windows\system32\igfcg500.bin
2012-02-22 03:39:12 69232 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2012-02-22 03:38:37 -------- d-----w- c:\windows\system32\Atheros_L1e
2012-02-22 03:35:16 -------- d-----w- c:\users\user\appdata\local\ApplicationHistory
2012-02-22 03:29:56 53248 ----a-r- c:\windows\system32\CSVer.dll
2012-02-12 23:52:57 -------- d-----w- c:\programdata\Clarus
2012-02-12 23:35:22 -------- d-----w- c:\program files\Clarus
2012-02-07 06:59:50 -------- d-----w- c:\program files\SmartSound Software
2012-02-07 06:59:28 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-02-07 04:31:34 1222 ----a-w- c:\program files\CreateRP-Success_Message.vbs
.
==================== Find3M ====================
.
2012-03-07 11:33:02 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-27 13:07:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-26 10:02:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 03:58:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 05:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 13:29:19 87608 -c--a-w- c:\users\user\appdata\roaming\ezpinst.exe
2011-12-09 13:29:19 47360 -c--a-w- c:\users\user\appdata\roaming\pcouffin.sys
2009-08-05 03:12:11 1092216 ----a-w- c:\program files\Google Updater.exe
2004-03-11 03:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 6:19:08.57 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/01/2010 2:56:36 PM
System Uptime: 8/03/2012 6:03:31 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5G41T-M LX3
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | LGA775 | 1803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 25.978 GiB free.
D: is CDROM ()
G: is FIXED (NTFS) - 1397 GiB total, 830.392 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP273: 22/02/2012 1:38:13 PM - Installed Atheros Communications Inc.(R) AR81Family Gigabit/Fast’õd
RP274: 22/02/2012 8:04:27 PM - Windows Update
RP276: 25/02/2012 11:15:40 AM - Installed ASUSUpdate
RP277: 27/02/2012 11:06:19 PM - Installed Java(TM) 6 Update 31
RP278: 3/03/2012 12:34:48 PM - Removed Nero 7 Essentials. Available with Windows Installer version 1.2 and later.
RP280: 3/03/2012 12:43:24 PM - Configured LabelPrint
RP282: 3/03/2012 12:45:44 PM - Configured Power2Go
RP284: 3/03/2012 2:15:14 PM - Configured YouCam
RP285: 7/03/2012 1:09:03 AM - Removed Nero 7 Essentials. Available with Windows Installer version 1.2 and later.
RP286: 7/03/2012 4:04:44 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Premiere Elements 10
Adobe Reader 9.5.0
Adobe Reader for Pocket PC 2.0
Adobe Stock Photos 1.0
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2011
AVG 2012
AVG PC Tuneup 2011
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
BigPond Broadband ADSL
Bonjour
Canon ScanGear Toolbox CS 2.5
CCleaner
CDisplay 1.8
CloneCD
Combined Community Codec Pack 2010-10-10
ComicZeal Sync 0.9.4.5
Compatibility Pack for the 2007 Office system
D3DX10
DivX Plus DirectShow Filters
DivX Setup
Dulux MyColour4
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
dvdSanta 4.50
e-tax 2011
Elements 10 Organizer
EPSON Printer Software
eReg
Ext2 IFS 1.11a for Windows Vista/2008
Facebook Plug-In
ffdshow [rev 3299] [2010-03-03]
FitLive 1.2.01
getPlus(R) for Adobe
Google Updater
h1940-2200 btfix
h2200 BT Driver Update Build 58
h2200 SDIO
Handbrake 0.9.4
iCloud
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
jZip
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
Logitech SetPoint 6.0
Malwarebytes Anti-Malware version 1.60.1.1000
Matroska Pack - Lazy Man's MKV 0.9.9
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Tool Web Package:diskpart.exe
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MobileMe Control Panel
Mozilla Firefox 10.0.2 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
Nero 7 Essentials
Nero BackItUp 4
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
P2PFilter 3.0.5
Paragon Drive Backup 8.51 Professional Trial
PC Connectivity Solution
Pdf995
PowerDVD
PowerISO
PRE10STIInstaller
PS3 Media Server
QuickTime
Raise Data Recovery for JFS, version 5.2
Realtek High Definition Audio Driver
Samsung Auto Backup
Security Task Manager 1.7h
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartSound Common Data
SmartSound Premiere Elements 10 Plugin
SmartSound Sonicfire Pro 5
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
System Requirements Lab for Intel
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
TVersitybar Toolbar
Ubuntu
Ultra MP4 Video Converter 3.2.0607
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Usenet.nl
VC80CRTRedist - 8.0.50727.4053
Veetle TV
VideoStream Server v0.9.8a
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Vuze
Vuze Remote Toolbar
Vuze Toolbar
VuzeStream Plugin
WebFldrs XP
Windows 7 Upgrade Advisor Beta
Windows Driver Package - Atheros Communications Inc. (arusb_lh) Net (09/25/2008 3.1.0.101)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (03/27/2006 5.1213.06.0327)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Center
WinZip 15.0
Xvid 1.1.3 final uninstall
YouTube Downloader App 2.03
.
==== Event Viewer Messages From Past Week ========
.
8/03/2012 6:05:54 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
8/03/2012 6:05:22 AM, Error: Service Control Manager [7023] - The Swmsflt service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:22 AM, Error: Service Control Manager [7023] - The Aracpi service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:22 AM, Error: Service Control Manager [7023] - The A016obex service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:21 AM, Error: Service Control Manager [7023] - The Usbvideo service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:19 AM, Error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:19 AM, Error: Service Control Manager [7023] - The Procmon10 service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:19 AM, Error: Service Control Manager [7023] - The Ino_fltr service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:19 AM, Error: Service Control Manager [7023] - The Dmserver service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:19 AM, Error: Service Control Manager [7023] - The Ctljystk service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:18 AM, Error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:18 AM, Error: Service Control Manager [7023] - The PciBus service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:18 AM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:18 AM, Error: Service Control Manager [7023] - The E1000 service terminated with the following error: The specified module could not be found.
8/03/2012 6:05:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVersity Media Server service to connect.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The SNPSTD3 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The Nvsmu service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The Nuvaud2 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The NMSCFG service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The MREMP50 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The FireHook service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:47 AM, Error: Service Control Manager [7023] - The Cpqdmi service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:46 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
8/03/2012 6:04:45 AM, Error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:45 AM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:44 AM, Error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:44 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:44 AM, Error: Service Control Manager [7023] - The Pgpserv service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:44 AM, Error: Service Control Manager [7023] - The Pdlncbas service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Viaudio service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Viamraid service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Ssisvr32 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Savscan service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The S3savagenb service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Perfnet service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Oracleorahome811cmadmin service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Nscservice service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Npkcrypt service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Mcdetect.exe service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Lxcz_device service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Ktp service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Foldersize service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Dtsrvc service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Dsunidrv service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Caisafe service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Atiavaiw service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:42 AM, Error: Service Control Manager [7023] - The Adpu160m service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:41 AM, Error: Service Control Manager [7023] - The Nidomainservice service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:41 AM, Error: Service Control Manager [7023] - The Digictrl service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:41 AM, Error: Service Control Manager [7023] - The Cxpt_service service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:41 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/03/2012 6:04:36 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/03/2012 6:04:35 AM, Error: Service Control Manager [7023] - The Wmiaprpl service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:35 AM, Error: Service Control Manager [7023] - The Pca service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:35 AM, Error: Service Control Manager [7023] - The CTERFXFX.DLL service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:35 AM, Error: Service Control Manager [7023] - The Atiavpci service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Webdriveservice service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The STV672 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The SiS300i service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Hpqddsvc service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The GBFSHook service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Ftpqueue service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Avg7alrt service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The Askernel service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:34 AM, Error: Service Control Manager [7023] - The AEAudioService service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:32 AM, Error: Service Control Manager [7023] - The Razerusb service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:32 AM, Error: Service Control Manager [7023] - The Npapimon service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:30 AM, Error: Service Control Manager [7023] - The Asmagent service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:25 AM, Error: Service Control Manager [7023] - The USB_NDIS_51 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:25 AM, Error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:25 AM, Error: Service Control Manager [7023] - The HssSrv service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:25 AM, Error: Service Control Manager [7023] - The ET5Drv service terminated with the following error: The specified module could not be found.
8/03/2012 6:04:24 AM, Error: Service Control Manager [7023] - The Livesrv service terminated with the following error: The specified module could not be found.
7/03/2012 9:28:16 PM, Error: Service Control Manager [7023] - The Razerusb service terminated with the following error: Access is denied.
7/03/2012 9:13:15 PM, Error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: Access is denied.
7/03/2012 8:58:16 PM, Error: Service Control Manager [7023] - The Digictrl service terminated with the following error: Access is denied.
7/03/2012 8:57:18 PM, Error: Service Control Manager [7023] - The SiS300i service terminated with the following error: Access is denied.
7/03/2012 8:43:45 PM, Error: Service Control Manager [7023] - The Mcdetect.exe service terminated with the following error: Access is denied.
7/03/2012 8:28:45 PM, Error: Service Control Manager [7023] - The WNCPKT service terminated with the following error: Access is denied.
7/03/2012 8:13:45 PM, Error: Service Control Manager [7023] - The SNPSTD3 service terminated with the following error: Access is denied.
7/03/2012 7:58:45 PM, Error: Service Control Manager [7023] - The Dsunidrv service terminated with the following error: Access is denied.
7/03/2012 5:32:45 PM, Error: Service Control Manager [7023] - The Npkcrypt service terminated with the following error: Access is denied.
7/03/2012 5:31:45 PM, Error: Service Control Manager [7023] - The Procexp100 service terminated with the following error: Access is denied.
7/03/2012 5:03:15 PM, Error: Service Control Manager [7023] - The Lxcccustomerconnect service terminated with the following error: Access is denied.
7/03/2012 4:48:15 PM, Error: Service Control Manager [7023] - The Cxpt_service service terminated with the following error: Access is denied.
7/03/2012 4:36:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
7/03/2012 4:36:41 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/03/2012 4:33:19 PM, Error: Service Control Manager [7023] - The GBFSHook service terminated with the following error: Access is denied.
7/03/2012 4:18:16 PM, Error: Service Control Manager [7023] - The MREMP50 service terminated with the following error: Access is denied.
7/03/2012 4:03:15 PM, Error: Service Control Manager [7023] - The AEAudioService service terminated with the following error: Access is denied.
7/03/2012 3:48:15 PM, Error: Service Control Manager [7023] - The Ktp service terminated with the following error: Access is denied.
7/03/2012 3:33:16 PM, Error: Service Control Manager [7023] - The FireHook service terminated with the following error: Access is denied.
7/03/2012 3:18:15 PM, Error: Service Control Manager [7023] - The Oracleorahome811cmadmin service terminated with the following error: Access is denied.
7/03/2012 3:03:15 PM, Error: Service Control Manager [7023] - The Swmsflt service terminated with the following error: Access is denied.
7/03/2012 2:48:16 PM, Error: Service Control Manager [7023] - The Webdriveservice service terminated with the following error: Access is denied.
7/03/2012 2:33:15 PM, Error: Service Control Manager [7023] - The Askernel service terminated with the following error: Access is denied.
7/03/2012 2:18:15 PM, Error: Service Control Manager [7023] - The E1000 service terminated with the following error: Access is denied.
7/03/2012 2:03:15 PM, Error: Service Control Manager [7023] - The Ftpqueue service terminated with the following error: Access is denied.
7/03/2012 2:02:16 PM, Error: Service Control Manager [7023] - The Atiavpci service terminated with the following error: Access is denied.
7/03/2012 2:00:58 AM, Error: Service Control Manager [7023] - The Dtsrvc service terminated with the following error: Access is denied.
7/03/2012 12:48:46 PM, Error: Service Control Manager [7023] - The STV672 service terminated with the following error: Access is denied.
7/03/2012 12:45:58 AM, Error: Service Control Manager [7023] - The Nvsmu service terminated with the following error: Access is denied.
7/03/2012 12:43:58 AM, Error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: Access is denied.
7/03/2012 12:33:47 PM, Error: Service Control Manager [7023] - The PciBus service terminated with the following error: Access is denied.
7/03/2012 12:30:58 AM, Error: Service Control Manager [7023] - The Atiavaiw service terminated with the following error: Access is denied.
7/03/2012 12:19:58 AM, Error: Service Control Manager [7023] - The Tfsndres service terminated with the following error: Access is denied.
7/03/2012 12:18:47 PM, Error: Service Control Manager [7023] - The Procmon10 service terminated with the following error: Access is denied.
7/03/2012 12:15:58 AM, Error: Service Control Manager [7023] - The Axskbus service terminated with the following error: Access is denied.
7/03/2012 12:14:59 AM, Error: Service Control Manager [7023] - The Dmserver service terminated with the following error: Access is denied.
7/03/2012 12:03:46 PM, Error: Service Control Manager [7023] - The ET5Drv service terminated with the following error: Access is denied.
7/03/2012 11:54:30 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/03/2012 11:48:46 AM, Error: Service Control Manager [7023] - The Ctljystk service terminated with the following error: Access is denied.
7/03/2012 11:33:46 AM, Error: Service Control Manager [7023] - The Hpqddsvc service terminated with the following error: Access is denied.
7/03/2012 11:18:46 AM, Error: Service Control Manager [7023] - The Pdlncbas service terminated with the following error: Access is denied.
7/03/2012 11:03:46 AM, Error: Service Control Manager [7023] - The Livesrv service terminated with the following error: Access is denied.
7/03/2012 10:48:46 AM, Error: Service Control Manager [7023] - The WavxDMgr service terminated with the following error: Access is denied.
7/03/2012 10:33:46 AM, Error: Service Control Manager [7023] - The Viamraid service terminated with the following error: Access is denied.
7/03/2012 10:18:46 AM, Error: Service Control Manager [7023] - The Viaudio service terminated with the following error: Access is denied.
7/03/2012 10:03:54 AM, Error: Service Control Manager [7023] - The Npapimon service terminated with the following error: Access is denied.
7/03/2012 10:02:11 AM, Error: Service Control Manager [7023] - The Nidomainservice service terminated with the following error: Access is denied.
7/03/2012 1:48:46 PM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: Access is denied.
7/03/2012 1:45:58 AM, Error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: Access is denied.
7/03/2012 1:33:46 PM, Error: Service Control Manager [7023] - The Pca service terminated with the following error: Access is denied.
7/03/2012 1:30:59 AM, Error: Service Control Manager [7023] - The Lxcz_device service terminated with the following error: Access is denied.
7/03/2012 1:18:46 PM, Error: Service Control Manager [7023] - The A016obex service terminated with the following error: Access is denied.
7/03/2012 1:15:58 AM, Error: Service Control Manager [7023] - The Ssisvr32 service terminated with the following error: Access is denied.
7/03/2012 1:03:47 PM, Error: Service Control Manager [7023] - The Ino_fltr service terminated with the following error: Access is denied.
7/03/2012 1:00:58 AM, Error: Service Control Manager [7023] - The Avg7alrt service terminated with the following error: Access is denied.
6/03/2012 9:21:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the vToolbarUpdater service to connect.
6/03/2012 9:21:41 AM, Error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/03/2012 7:53:44 PM, Error: Service Control Manager [7023] - The NMSCFG service terminated with the following error: Access is denied.
5/03/2012 7:38:44 PM, Error: Service Control Manager [7023] - The Avsinc service terminated with the following error: Access is denied.
5/03/2012 7:23:44 PM, Error: Service Control Manager [7023] - The Mnsframework service terminated with the following error: Access is denied.
5/03/2012 7:08:44 PM, Error: Service Control Manager [7023] - The S3savagenb service terminated with the following error: Access is denied.
5/03/2012 6:53:44 PM, Error: Service Control Manager [7023] - The Aracpi service terminated with the following error: Access is denied.
5/03/2012 6:38:44 PM, Error: Service Control Manager [7023] - The CTERFXFX.DLL service terminated with the following error: Access is denied.
5/03/2012 6:23:44 PM, Error: Service Control Manager [7023] - The HssSrv service terminated with the following error: Access is denied.
5/03/2012 6:08:44 PM, Error: Service Control Manager [7023] - The Nuvaud2 service terminated with the following error: Access is denied.
5/03/2012 5:53:44 PM, Error: Service Control Manager [7023] - The USB_NDIS_51 service terminated with the following error: Access is denied.
5/03/2012 5:38:44 PM, Error: Service Control Manager [7023] - The Perfnet service terminated with the following error: Access is denied.
5/03/2012 5:23:44 PM, Error: Service Control Manager [7023] - The Caisafe service terminated with the following error: Access is denied.
5/03/2012 5:08:44 PM, Error: Service Control Manager [7023] - The Pgpserv service terminated with the following error: Access is denied.
5/03/2012 4:53:45 PM, Error: Service Control Manager [7023] - The Foldersize service terminated with the following error: Access is denied.
5/03/2012 4:38:44 PM, Error: Service Control Manager [7023] - The Cpqdmi service terminated with the following error: Access is denied.
5/03/2012 4:23:45 PM, Error: Service Control Manager [7023] - The Savscan service terminated with the following error: Access is denied.
5/03/2012 4:08:45 PM, Error: Service Control Manager [7023] - The Asmagent service terminated with the following error: Access is denied.
5/03/2012 3:57:44 PM, Error: Service Control Manager [7023] - The Usbvideo service terminated with the following error: Access is denied.
5/03/2012 3:56:44 PM, Error: Service Control Manager [7023] - The Adpu160m service terminated with the following error: Access is denied.
5/03/2012 3:53:44 PM, Error: Service Control Manager [7023] - The Wmiaprpl service terminated with the following error: Access is denied.
5/03/2012 3:52:44 PM, Error: Service Control Manager [7023] - The Nscservice service terminated with the following error: Access is denied.
5/03/2012 3:29:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the InstallDriver Table Manager service to connect.
.
==== End Of File ===========================
 
Welcome to TechSpot!

As you note, I have changed the subject to something more appropriate. Everyone here needs "Help" so that doesn't tell me much.

To answer the new subject, yes, there is some remaining malware and some evidence of the programs you used to try and remove it.

Questions and Comments:
1. Please uninstall the following:
Vuze
Vuze Remote Toolbar
Vuze Toolbar
VuzeStream Plugin
Click to expand...
After the uninstall, use Windows explorer to access Computer> Local Drive> Programs. find all the Vuze Program folders and do a right click> Delete on each.

2. Do you know you have 2 different versions of AVG installed? (Please see #5 before making any change.
AVG 2011
AVG 2012
Click to expand...

3. This program is basically a registry cleaner. We don't recommend registry cleaners to anyone because the risk is greater than any benefit. I suggest you remove it:
AVG PC Tuneup 2011
Click to expand...

4. What were the names of the 2 malwares you removed?

5. I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    image_preview
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.[/b]
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
    • Note: No query will be made if the Recovery Console is already on the system.
  • .Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • .Close any open browsers.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
===========================
Please leave all logs in your next reply.
 
Removed Virus.Win32.ZAccess.aml and TROJ_ZACCESS.CQJ
And no i did not know i had 2 avg. Control panel does not reflect this.
 
Please continue with the scans.

Both versions of AVG show in the Attach.txt log from DDS in the list of Installed Programs.
 
Have run Appremover

Have run the Appremover program and have started up Combofix and it's come up: Warning AVG Free 2012 -The above programs real time scanners are still active.
I have run it again and I can't find anything else remaining on AVG.
 
:Ok, got that sorted with a restart, but I have tried to run Combofix a few times with no result. It says it roughly takes 10 mins but can take dbl for badly infected machines. I have had my comp scanning for many hours and it just sits there with the cursor flashing. I restarted the computer and it says my rubbish bin is corrupted?
Please not sure what to do now.:eek:
Many thanks in adv
 
What is this for?
Removed Virus.Win32.ZAccess.aml and TROJ_ZACCESS.CQJ
Click to expand...

Please don't leave an unidentified entry. If it's from a log, leave the entire log.
========================================
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode. If it won't run, go one to #2.

2. Delete Combofix file, download fresh one, but rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

3.See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan)
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
======================================
Eset results?
 
Thank you. With so much going on in a thread, it's best to clearly identify something like this.

I notice this in Firefox: Babylon Toolbar
This is Adware: Description:

Babylon Toolbar is a useless toolbar that gets installed by other software, for instance FoxTab Videoconverter. Legal age for installation is 18 while this fact is only mentioned in the terms.
Babylon Toolbar installs itself to the system, the Internet Explorer, Firefox and Google Chrome. The Babylon.Toolbar is almost identical to Toolbar.Facemood.

We will be removing this.
-------------------------------------
You also have some file sharing programs such as Vuze. They should not be used while we are cleaning and you should note this
P2P or 'file sharing Warning:
  • Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
  • Malware writers use these program to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers

As long as you continues with file sharing, you will continue to get malware..
 
Edit: Quote of all my instructions has been deleted.


I have removed Vuze as you said and all other programs you instructed removal of.
 
Edit: quote of my instructions has been deleted by Bobbye

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 14/03/2012 at 15:16:13.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\TVersity\Media Server\MediaServer.exe


Rkill completed on 14/03/2012 at 15:16:26.
 
Edit: Quote of my instructions has been deletd by Bobbye.


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTrafficSolc.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinTrafficSolc.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CR5A1K6\babylon[1].exe Win32/Toolbar.Babylon application
C:\Documents and Settings\User\Music\iTunes\Mobile Applications\Fango 53.ipa JS/Exploit.CVE-2011-1250.A trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinTrafficSolc.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTrafficSolc.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinTrafficSolc.zip Win32/Bagle.gen.zip worm
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CR5A1K6\babylon[1].exe Win32/Toolbar.Babylon application
C:\Users\User\Music\iTunes\Mobile Applications\Fango 53.ipa JS/Exploit.CVE-2011-1250.A trojan

I will retry the Combofix scan
 
Edit: Removed quote if my instructions.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\regcure\backup\regcurebak_april_05_10_22_32_18\avs video converter 6.2.3.314 + crack.lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\driver.genius.pro.v7.1.622 inc keygen (trojan removed).lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\precracked - enjoy.lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\precracked - enjoy.txt.lnk
c:\users\user\desktop\bligh's\crack\avsvideoconverter.exe
c:\users\user\documents\azureus downloads\kernel.for.windows.data.recovery.v11.01.01.incl.keymaker-djinn\crack\keymaker.exe
c:\users\user\documents\my recipes\roast pork with crackling.docx
scanner sequence 3.GL.11.XMAPCB
----- EOF -----
 
You do not need to quote my instructions. You can scroll up and look at my reply.

You have multiple pirated programs. All pirated programs and downloads will have to be removed to continue support.
 
Sorry I do not understand what you are asking me to remove? Or how
I am not the only user of this computer so I'm not sure where everything has come from.
 
All of the following programs or downloads were pirated. That means basically they were stolen from the internet by using a site offering a 'crack' or 'keygen.' They give a key or license # to be used to get the programs without paying for it:

c:\program files\regcure\backup\regcurebak_april_05_10_22_32_18\avs video converter 6.2.3.314 + crack.lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\driver.genius.pro.v 7.1.622 inc keygen (trojan removed).lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\precracked - enjoy.lnk
c:\program files\regcure\backup\regcurebak_november_03_08_01_03_28\precracked - enjoy.txt.lnk
c:\users\user\desktop\bligh's\crack\avsvideoconverter.exe
c:\users\user\documents\azureus downloads\kernel.for.windows.data.recovery.v11.01.01.incl.keymaker-djinn\crack\keymaker.exe
c
Click to expand...

There may be other users, but these entries are from your logs.
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
The EU says iMessage can remain closed to rivals because it's not a "gatekeeper service"...
Replies
4
Views
192
bviktor
B
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
476
eriksnyman1
E
O
Syngate - what is it and why has it shown up on my laptop?
Replies
2
Views
295
Nelson28
N

Latest posts

Back