Whenever I click on a link after a search with Google or Yahoo, I get redirected to a different page. I can directly use my address bar and I can also copy the link and go directly to the page.
AVG occasionally pops up as having blocked threats such as www.bloggingclicks.com/ads/feeds/custom_lib.php and Java exploiters.
I followed the 5-step preliminary instructions. My logs are below:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8161
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/14/2011 6:08:41 PM
mbam-log-2011-11-14 (18-08-41).txt
Scan type: Quick scan
Objects scanned: 212957
Time elapsed: 23 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\owner\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by owner at 14:04:12 on 2011-11-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1430 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\sj657\hpupdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://fieldnet.massmutual.com/fldnet/public/index.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [HP Update 4300C] c:\sj657\hpupdate.exe 4300C
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: vectorvest.com\www
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 10.128.128.128
TCP: Interfaces\{18518428-8E2E-4154-9CA1-42A7BB774BCB} : DhcpNameServer = 66.218.254.9 66.218.224.40 66.218.245.13
TCP: Interfaces\{98630EBA-A99F-49AA-9FDA-85C989D6E790} : DhcpNameServer = 10.128.128.128
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\atbekefv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/igoogle
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-6-13 8832]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2008-12-18 49472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-2-14 32768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-2 366152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2008-12-18 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-12-18 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-12-18 18448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-16 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-2 22216]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-6-13 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-12-18 81192]
.
=============== Created Last 30 ================
.
2011-11-14 16:22:52 -------- d-----w- c:\users\owner\appdata\roaming\CEE2C
2011-11-14 16:22:50 -------- d-----w- c:\users\owner\appdata\roaming\kxPP0yycS1iD3n4
2011-11-14 16:22:49 -------- d-----w- c:\users\owner\appdata\roaming\JssWWK77f
2011-11-09 12:56:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 12:56:16 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:56:14 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-06 01:16:19 -------- d-----w- c:\users\owner\appdata\roaming\NCH Software
2011-10-27 16:24:22 -------- d-----w- c:\program files\Digital Connections
.
==================== Find3M ====================
.
2011-11-15 00:21:59 1409 ----a-w- c:\windows\QTFont.for
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:27:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-22 18:43:08 3578880 ----a-w- c:\windows\system32\ffdshow.ax
2011-09-22 17:08:56 3902976 ----a-w- c:\windows\system32\ffmpeg.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 06:12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 05:32:49 1163104 ----a-w- C:\avg_remover_stf_x86_2011_1322.exe
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-22 19:07:48 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-22 19:07:02 158208 ----a-w- c:\windows\system32\ff_unrar.dll
2011-08-22 19:07:00 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-08-22 19:06:30 97280 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-08-22 19:06:30 211456 ----a-w- c:\windows\system32\ff_libdts.dll
2011-08-22 19:06:30 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-08-22 19:06:28 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-08-22 19:06:28 113664 ----a-w- c:\windows\system32\ff_liba52.dll
2011-08-22 19:06:26 145920 ----a-w- c:\windows\system32\ff_libmad.dll
2011-08-22 19:06:26 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll
.
============= FINISH: 14:05:04.37 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-15 14:02:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: mrde9kqx.exe; Driver: C:\Users\owner\AppData\Local\Temp\kwloypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xADCFDF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xADCFDFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xADCFE080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xADCFE11C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 822BFB74 4 Bytes [3C, DF, CF, AD] {CMP AL, 0xdf; IRET ; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 621 822BFDA4 8 Bytes [E4, DF, CF, AD, 80, E0, CF, ...] {IN AL, 0xdf; IRET ; LODSD ; AND AL, 0xcf; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 681 822BFE04 4 Bytes [1C, E1, CF, AD] {SBB AL, 0xe1; IRET ; LODSD }
.text smb.sys 90461000 135 Bytes [00, 00, 00, 00, 00, 00, 33, ...]
.text smb.sys 90461088 16 Bytes [C1, 11, 8D, 48, 0C, 83, CA, ...]
.text smb.sys 90461099 68 Bytes [14, 5D, C2, 08, 00, CC, CC, ...]
.text smb.sys 904610DE 38 Bytes [FF, 15, 70, B1, 46, 90, C3, ...]
.text smb.sys 90461105 33 Bytes [78, 10, 53, 4D, 42, 43, 74, ...]
.text ...
? C:\Windows\system32\DRIVERS\smb.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 00EE000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 00EF000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 00E9000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 0061000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 0062000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 0060000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateProcess 775342E4 5 Bytes JMP 0035000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateProcessEx 775342F4 5 Bytes JMP 008F000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 0029000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 002E000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateUserProcess 77535654 5 Bytes JMP 0090000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 0028000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!WindowFromPoint 7587884F 5 Bytes JMP 0095000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!GetForegroundWindow 758832C4 5 Bytes JMP 0096000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!GetCursorPos 75890B88 5 Bytes JMP 0094000A
.text C:\Windows\System32\ping.exe[3304] ole32.dll!CoCreateInstance 75779F3E 5 Bytes JMP 0093000A
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) 90440000-90460000 (131072 bytes)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB16091$\2544138984 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\@ 2048 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\bckfg.tmp 846 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\cfg.ini 321 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\keywords 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\L 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\L\qnbwvoto 66560 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000032.@ 96256 bytes
---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2008 4:28:01 PM
System Uptime: 11/15/2011 11:38:27 AM (3 hours ago)
.
Motherboard: LENOVO | | JIWA1
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 1000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 11.647 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 21.699 GiB free.
E: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
ALPS Touch Pad Driver
ArcGIS Desktop
AVG 2012
Axialis IconWorkshop 6.50
Belkin Setup and Router Monitor
Bookshop Classics
Broadcom Gigabit Integrated Controller
Broadcom WLAN
Business Contact Manager for Outlook 2007 SP2
Canon RAW Codec
Conexant HD Audio
Democracy
EasyCapture
Express Dictate
Express Scribe
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Google Chrome
Google Update Helper
GradeQuick Web Plugin
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Integrated Data Viewer 2.6
Intel(R) Graphics Media Accelerator Driver
ISO Recorder
Java Auto Updater
Java(TM) 6 Update 27
Kobo
League of Legends
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
LJ Comment Stats Wizard 1.7
Malwarebytes' Anti-Malware version 1.51.2.1300
Maniac Mansion Deluxe
Mbrola Tools 3.5
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Keyboard Layout Creator 1.4
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Power2Go
Python 2.5 numpy-1.0.3
Python 2.5.1
QuickTime
Savings Bond Wizard
ScummVM 1.0.0rc1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sentinel Protection Installer 7.2.2
Skype Click to Call
Skype™ 5.5
StepMania 3.9a (remove only)
SUPERAntiSpyware
Switch Sound File Converter
The Position Sizing™ Game
The Rosetta Stone
Titanic
Trillian
TypingMaster TypingTest
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VectorVest U.S.
VeriFace III
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 0.9.8a
WavePad Sound Editor
WikidPad 2.0rc07_1
Windows Media Player Firefox Plugin
WinRAR archiver
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
Wolfram Notebook Indexer 2.0
XBCD Uninstaller
YOU DON'T KNOW JACK Volume 2
.
==== End Of File ===========================
Thank you.
AVG occasionally pops up as having blocked threats such as www.bloggingclicks.com/ads/feeds/custom_lib.php and Java exploiters.
I followed the 5-step preliminary instructions. My logs are below:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8161
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/14/2011 6:08:41 PM
mbam-log-2011-11-14 (18-08-41).txt
Scan type: Quick scan
Objects scanned: 212957
Time elapsed: 23 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\owner\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by owner at 14:04:12 on 2011-11-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1430 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\sj657\hpupdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://fieldnet.massmutual.com/fldnet/public/index.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [HP Update 4300C] c:\sj657\hpupdate.exe 4300C
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: vectorvest.com\www
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 10.128.128.128
TCP: Interfaces\{18518428-8E2E-4154-9CA1-42A7BB774BCB} : DhcpNameServer = 66.218.254.9 66.218.224.40 66.218.245.13
TCP: Interfaces\{98630EBA-A99F-49AA-9FDA-85C989D6E790} : DhcpNameServer = 10.128.128.128
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\atbekefv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/igoogle
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-6-13 8832]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2008-12-18 49472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-2-14 32768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-2 366152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2008-12-18 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-12-18 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-12-18 18448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-16 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-2 22216]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-6-13 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-12-18 81192]
.
=============== Created Last 30 ================
.
2011-11-14 16:22:52 -------- d-----w- c:\users\owner\appdata\roaming\CEE2C
2011-11-14 16:22:50 -------- d-----w- c:\users\owner\appdata\roaming\kxPP0yycS1iD3n4
2011-11-14 16:22:49 -------- d-----w- c:\users\owner\appdata\roaming\JssWWK77f
2011-11-09 12:56:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 12:56:16 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:56:14 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-06 01:16:19 -------- d-----w- c:\users\owner\appdata\roaming\NCH Software
2011-10-27 16:24:22 -------- d-----w- c:\program files\Digital Connections
.
==================== Find3M ====================
.
2011-11-15 00:21:59 1409 ----a-w- c:\windows\QTFont.for
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:27:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-22 18:43:08 3578880 ----a-w- c:\windows\system32\ffdshow.ax
2011-09-22 17:08:56 3902976 ----a-w- c:\windows\system32\ffmpeg.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 06:12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 05:32:49 1163104 ----a-w- C:\avg_remover_stf_x86_2011_1322.exe
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-22 19:07:48 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-22 19:07:02 158208 ----a-w- c:\windows\system32\ff_unrar.dll
2011-08-22 19:07:00 259584 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-08-22 19:06:30 97280 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-08-22 19:06:30 211456 ----a-w- c:\windows\system32\ff_libdts.dll
2011-08-22 19:06:30 1524224 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-08-22 19:06:28 327680 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-08-22 19:06:28 113664 ----a-w- c:\windows\system32\ff_liba52.dll
2011-08-22 19:06:26 145920 ----a-w- c:\windows\system32\ff_libmad.dll
2011-08-22 19:06:26 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll
.
============= FINISH: 14:05:04.37 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-15 14:02:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: mrde9kqx.exe; Driver: C:\Users\owner\AppData\Local\Temp\kwloypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xADCFDF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xADCFDFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xADCFE080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xADCFE11C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 822BFB74 4 Bytes [3C, DF, CF, AD] {CMP AL, 0xdf; IRET ; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 621 822BFDA4 8 Bytes [E4, DF, CF, AD, 80, E0, CF, ...] {IN AL, 0xdf; IRET ; LODSD ; AND AL, 0xcf; LODSD }
.text ntkrnlpa.exe!KeSetEvent + 681 822BFE04 4 Bytes [1C, E1, CF, AD] {SBB AL, 0xe1; IRET ; LODSD }
.text smb.sys 90461000 135 Bytes [00, 00, 00, 00, 00, 00, 33, ...]
.text smb.sys 90461088 16 Bytes [C1, 11, 8D, 48, 0C, 83, CA, ...]
.text smb.sys 90461099 68 Bytes [14, 5D, C2, 08, 00, CC, CC, ...]
.text smb.sys 904610DE 38 Bytes [FF, 15, 70, B1, 46, 90, C3, ...]
.text smb.sys 90461105 33 Bytes [78, 10, 53, 4D, 42, 43, 74, ...]
.text ...
? C:\Windows\system32\DRIVERS\smb.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 00EE000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 00EF000A
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 00E9000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 0061000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 0062000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1900] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 0060000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateProcess 775342E4 5 Bytes JMP 0035000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateProcessEx 775342F4 5 Bytes JMP 008F000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtProtectVirtualMemory 77534B84 5 Bytes JMP 0029000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtWriteVirtualMemory 775354C4 5 Bytes JMP 002E000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!NtCreateUserProcess 77535654 5 Bytes JMP 0090000A
.text C:\Windows\System32\ping.exe[3304] ntdll.dll!KiUserExceptionDispatcher 77535BF8 5 Bytes JMP 0028000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!WindowFromPoint 7587884F 5 Bytes JMP 0095000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!GetForegroundWindow 758832C4 5 Bytes JMP 0096000A
.text C:\Windows\System32\ping.exe[3304] USER32.dll!GetCursorPos 75890B88 5 Bytes JMP 0094000A
.text C:\Windows\System32\ping.exe[3304] ole32.dll!CoCreateInstance 75779F3E 5 Bytes JMP 0093000A
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) 90440000-90460000 (131072 bytes)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB16091$\2544138984 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\@ 2048 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\bckfg.tmp 846 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\cfg.ini 321 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\keywords 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\L 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\L\qnbwvoto 66560 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U 0 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB16091$\3959608025\U\80000032.@ 96256 bytes
---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2008 4:28:01 PM
System Uptime: 11/15/2011 11:38:27 AM (3 hours ago)
.
Motherboard: LENOVO | | JIWA1
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 1000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 104 GiB total, 11.647 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 21.699 GiB free.
E: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office system
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
ALPS Touch Pad Driver
ArcGIS Desktop
AVG 2012
Axialis IconWorkshop 6.50
Belkin Setup and Router Monitor
Bookshop Classics
Broadcom Gigabit Integrated Controller
Broadcom WLAN
Business Contact Manager for Outlook 2007 SP2
Canon RAW Codec
Conexant HD Audio
Democracy
EasyCapture
Express Dictate
Express Scribe
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Google Chrome
Google Update Helper
GradeQuick Web Plugin
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Integrated Data Viewer 2.6
Intel(R) Graphics Media Accelerator Driver
ISO Recorder
Java Auto Updater
Java(TM) 6 Update 27
Kobo
League of Legends
Lenovo OneKey Recovery
Lenovo ReadyComm 4.0
Lenovo System Repair - Windows Update Monitor
LJ Comment Stats Wizard 1.7
Malwarebytes' Anti-Malware version 1.51.2.1300
Maniac Mansion Deluxe
Mbrola Tools 3.5
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Keyboard Layout Creator 1.4
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Power2Go
Python 2.5 numpy-1.0.3
Python 2.5.1
QuickTime
Savings Bond Wizard
ScummVM 1.0.0rc1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sentinel Protection Installer 7.2.2
Skype Click to Call
Skype™ 5.5
StepMania 3.9a (remove only)
SUPERAntiSpyware
Switch Sound File Converter
The Position Sizing™ Game
The Rosetta Stone
Titanic
Trillian
TypingMaster TypingTest
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VectorVest U.S.
VeriFace III
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 0.9.8a
WavePad Sound Editor
WikidPad 2.0rc07_1
Windows Media Player Firefox Plugin
WinRAR archiver
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
Wolfram Notebook Indexer 2.0
XBCD Uninstaller
YOU DON'T KNOW JACK Volume 2
.
==== End Of File ===========================
Thank you.