Possible Virus/Trojan/Malware Infection


  • This topic is locked
19 replies to this topic

#1 LAG77

Posted 04 December 2009 - 06:53 PM

A few weeks ago I started noticing some odd behavior on my laptop. It was running slow, and that fake Windows-looking virus protection window kept popping up. Over the next few days I ran several different virus/malware scans numerous times and removed the items they found. I also noticed at this time that my automatic Windows updater was stopped and I couldn't restart it. I tried going back to a system restore point and this seemed to make things worse. I lost connection to the internet (which I've since restored by doing some online searches); when clicking on links in my Google search results I am being redirected to random pages; I have a red circle with a white "X" on my toolbar that says "Warning! You have exceeded your profile space by 1837366 KB"; also, I am unable to boot in safe mode (it starts loading and the last file I see before auto restart is the mup.sys). I do have Windows XP firewall enabled and I use Trend Micro Antivirus. As I stated, I've run several scans and have removed everything I can; the scans are no longer finding anything but I'm still having the behavior I mentioned above. Any help would be more than appreciated. Also, I know it wasn't smart, but my laptop is a Sony Vaio, which didn't come with any disks, and sadly I failed to make the recovery disks, and now if I try to make them it says I can't because another program is accessing the partition where the recovery info is located (that's not word for word, just as best as I can remember). Thanks in advance.


DDS (Ver_09-12-01.01) - NTFSx86
Run by LAG77 at 18:17:33.18 on Fri 12/04/2009
Internet Explorer: 7.0.5730.11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {66a25815-5518-4045-9730-d6cada5caef1} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: 34b80127382 -
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-29 21:04:13 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 21:04:12 883 ----a-w- c:\windows\RegSDImport.xml
2009-11-29 21:04:12 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-29 21:04:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-29 21:04:12 131 ----a-w- c:\windows\IDB.zip
2009-11-29 21:04:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-29 21:04:11 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-29 21:04:11 1152470 ----a-w- c:\windows\UDB.zip
2009-11-29 20:55:53 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-29 20:55:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-29 20:55:38 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-29 20:55:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-29 20:55:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-29 20:55:38 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-29 20:54:05 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-29 20:54:05 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-29 20:53:32 0 d-----w- c:\program files\Spyware Doctor
2009-11-29 20:53:32 0 d-----w- c:\program files\common files\PC Tools
2009-11-29 20:53:32 0 d-----w- c:\docume~1\leaven~1\applic~1\PC Tools
2009-11-29 20:53:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-29 07:04:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 07:04:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-29 05:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-29 05:29:31 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-29 05:29:31 0 d-----w- c:\docume~1\leaven~1\applic~1\SUPERAntiSpyware.com
2009-11-29 05:28:34 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-29 02:21:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-29 00:06:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-29 00:06:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-29 00:01:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 00:00:20 0 d-----w- c:\program files\Lavasoft
2009-11-28 23:22:00 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-28 23:21:56 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-28 23:21:52 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-28 23:21:45 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-28 23:21:37 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-28 23:21:13 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-28 23:21:04 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-28 23:20:58 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-28 23:20:54 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-28 23:20:48 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-28 23:20:43 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-28 23:20:36 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-28 23:20:32 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-28 23:20:28 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-11-28 23:20:23 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-28 23:20:18 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-28 23:20:12 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-28 23:20:08 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-28 23:20:04 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-28 23:18:56 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-28 23:18:52 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-28 23:18:48 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-28 23:18:43 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-28 23:18:39 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-28 23:18:35 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-28 23:18:28 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-28 23:18:23 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-28 23:18:19 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-28 23:18:15 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-28 23:18:11 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-28 23:18:07 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-28 23:18:03 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-28 23:16:57 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-28 23:15:59 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-28 23:14:57 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-11-28 23:13:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-11-28 23:13:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-11-28 23:13:49 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-11-28 23:13:40 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-11-28 23:13:36 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-11-28 23:13:33 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-11-28 23:13:29 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-11-28 23:13:26 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-11-28 23:13:19 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-11-28 23:13:13 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-11-28 23:13:09 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-11-28 23:13:04 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-11-28 23:13:01 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-11-28 23:11:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-11-28 23:11:54 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2009-11-28 23:11:47 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2009-11-28 23:11:44 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2009-11-28 23:11:39 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2009-11-28 23:11:35 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2009-11-28 23:11:31 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-11-28 23:11:27 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-11-28 23:11:22 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-11-28 23:11:18 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-11-28 23:11:09 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-11-28 23:11:04 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-11-28 23:11:01 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-11-28 23:09:55 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2009-11-28 23:08:59 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-11-28 23:07:58 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-11-28 23:06:57 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2009-11-28 23:05:51 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-28 23:05:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-28 23:05:41 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-28 23:05:34 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-28 23:05:27 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-11-28 23:05:20 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-11-28 23:05:17 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-11-28 23:05:12 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-11-28 23:05:08 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-11-28 23:05:04 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-11-28 23:03:50 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-28 23:02:59 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-11-28 23:01:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-11-28 23:00:56 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-11-28 22:59:59 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2009-11-28 22:58:59 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-11-28 22:57:58 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2009-11-28 22:56:59 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
2009-11-28 22:55:59 17152 -c--a-w- c:\windows\system32\dllcache\cyclad-z.sys
2009-11-28 22:54:59 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2009-11-28 22:53:59 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2009-11-28 21:53:26 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2009-11-13 00:13:59 0 d-sh--w- C:\found.002
2009-11-12 23:49:07 0 d--h--w- c:\windows\system32\3361
2009-11-12 23:43:58 0 d-----w- C:\42382a9149df327a7d517b
2009-11-12 23:16:11 0 d-----w- C:\080396fc8f0f6aacb6
2009-11-12 20:42:36 0 d-sh--w- C:\found.001
2009-11-12 01:36:33 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-12 00:28:40 0 d-----w- C:\5edad20924049b64dd660d1e29471a
2009-11-12 00:19:35 0 d-----w- C:\_Backup.RC
2009-11-11 22:46:20 0 d-sh--w- C:\found.000
2009-11-10 08:14:08 0 d-----w- c:\windows\system32\XPSViewer
2009-11-10 08:12:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-10 08:12:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-10 08:12:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-10 08:12:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-10 08:12:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-10 08:12:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-10 08:12:39 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-10 08:12:38 0 d-----w- C:\8d0f6b4a06bb516f2edaba7d5869
2009-11-08 18:57:49 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-08 07:57:43 27496 ----a-w- c:\windows\system32\mucltui.dll.mui

==================== Find3M ====================

2009-11-13 03:05:37 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-13 03:05:33 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-13 03:05:33 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-13 03:05:33 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 03:05:29 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-13 03:05:27 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-13 03:05:26 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-13 02:59:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 02:59:08 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 02:44:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-11-13 02:43:57 35328 ------w- c:\windows\system32\corpol.dll
2009-11-13 02:43:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-13 02:42:26 531192 ----a-w- c:\windows\system32\wmspdmod.dll
2009-11-13 02:42:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-11-13 02:41:02 57344 ----a-w- c:\windows\system32\msasn1.dll
2009-11-13 02:41:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-11-13 02:40:57 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-13 02:40:56 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-13 02:40:42 1435648 ----a-w- c:\windows\system32\query.dll
2009-11-13 02:32:25 75776 ----a-w- c:\windows\system32\telnet.exe
2009-11-12 23:16:12 10624 ------w- c:\windows\system32\drivers\gameenum.sys
2009-11-12 23:15:48 75776 ----a-w- c:\windows\system32\drivers\ac97via.sys
2009-11-12 07:24:59 39936 ------w- c:\windows\system32\hostmib.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\SETCF.tmp
2008-08-13 23:19:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081320080814\index.dat

============= FINISH: 18:20:04.50 ===============



#2 schrauber

Posted 18 December 2009 - 02:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 LAG77

Posted 18 December 2009 - 04:21 PM

Thanks for the reply. The symptoms are still the same as I posted above and I have not made any changes/attempted fixes/etc. since then. Below is my updated DDS file. I wasn't sure if you needed the updated Attach file as well. I didn't include it, but I saved it so please let me know if you need that as well. Thanks again.


DDS (Ver_09-12-01.01) - NTFSx86
Run by LAG77 at 16:12:47.29 on Fri 12/18/2009
Internet Explorer: 7.0.5730.11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {66a25815-5518-4045-9730-d6cada5caef1} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: 34b80127382 -
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-06 03:23:51 0 d-----w- c:\program files\Lavasoft
2009-12-06 03:23:45 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-06 03:23:41 0 d--h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 21:04:13 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 21:04:12 883 ----a-w- c:\windows\RegSDImport.xml
2009-11-29 21:04:12 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-29 21:04:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-29 21:04:12 131 ----a-w- c:\windows\IDB.zip
2009-11-29 21:04:11 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-29 21:04:11 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-29 21:04:11 1152470 ----a-w- c:\windows\UDB.zip
2009-11-29 20:55:53 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-11-29 20:55:53 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-29 20:55:38 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-29 20:55:38 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-11-29 20:55:38 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-29 20:55:38 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-29 20:54:05 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-11-29 20:54:05 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-29 20:53:32 0 d-----w- c:\program files\Spyware Doctor
2009-11-29 20:53:32 0 d-----w- c:\program files\common files\PC Tools
2009-11-29 20:53:32 0 d-----w- c:\docume~1\leaven~1\applic~1\PC Tools
2009-11-29 20:53:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-29 07:04:18 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 07:04:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-29 05:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-29 05:29:31 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-29 05:29:31 0 d-----w- c:\docume~1\leaven~1\applic~1\SUPERAntiSpyware.com
2009-11-29 02:21:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-29 00:06:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-29 00:06:22 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-28 23:22:00 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-28 23:21:56 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-28 23:21:52 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-28 23:21:45 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-28 23:21:37 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-28 23:21:13 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-28 23:21:04 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-28 23:20:58 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-28 23:20:54 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-28 23:20:48 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-28 23:20:43 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-28 23:20:36 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-11-28 23:20:32 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-11-28 23:20:28 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-11-28 23:20:23 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-28 23:20:18 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-28 23:20:12 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-28 23:20:08 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-28 23:20:04 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-28 23:18:56 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-28 23:18:52 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-28 23:18:48 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-28 23:18:43 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-28 23:18:39 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-28 23:18:35 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-28 23:18:28 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-28 23:18:23 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-28 23:18:19 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-28 23:18:15 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-28 23:18:11 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-28 23:18:07 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-28 23:18:03 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-28 23:16:57 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-28 23:15:59 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-28 23:14:57 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-11-28 23:13:57 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2009-11-28 23:13:52 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-11-28 23:13:49 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2009-11-28 23:13:40 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2009-11-28 23:13:36 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-11-28 23:13:33 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2009-11-28 23:13:29 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-11-28 23:13:26 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-11-28 23:13:19 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-11-28 23:13:13 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-11-28 23:13:09 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-11-28 23:13:04 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-11-28 23:13:01 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-11-28 23:11:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2009-11-28 23:11:54 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2009-11-28 23:11:47 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2009-11-28 23:11:44 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2009-11-28 23:11:39 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2009-11-28 23:11:35 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2009-11-28 23:11:31 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-11-28 23:11:27 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2009-11-28 23:11:22 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2009-11-28 23:11:18 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2009-11-28 23:11:09 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-11-28 23:11:04 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2009-11-28 23:11:01 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2009-11-28 23:09:55 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2009-11-28 23:08:59 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-11-28 23:07:58 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-11-28 23:06:57 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2009-11-28 23:05:51 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-28 23:05:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-28 23:05:41 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-11-28 23:05:34 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-11-28 23:05:27 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-11-28 23:05:20 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-11-28 23:05:17 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2009-11-28 23:05:12 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2009-11-28 23:05:08 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-11-28 23:05:04 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2009-11-28 23:03:50 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-28 23:02:59 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-11-28 23:01:57 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll
2009-11-28 23:00:56 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-11-28 22:59:59 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2009-11-28 22:58:59 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-11-28 22:57:58 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2009-11-28 22:56:59 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
2009-11-28 22:55:59 17152 -c--a-w- c:\windows\system32\dllcache\cyclad-z.sys
2009-11-28 22:54:59 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2009-11-28 22:53:59 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2009-11-28 21:53:26 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys

==================== Find3M ====================

2009-11-13 03:05:37 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-13 03:05:33 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-13 03:05:33 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-13 03:05:33 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 03:05:29 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-13 03:05:27 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-13 03:05:26 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-13 02:59:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 02:59:08 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 02:44:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-11-13 02:43:57 35328 ------w- c:\windows\system32\corpol.dll
2009-11-13 02:43:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-13 02:42:26 531192 ----a-w- c:\windows\system32\wmspdmod.dll
2009-11-13 02:42:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-11-13 02:41:02 57344 ----a-w- c:\windows\system32\msasn1.dll
2009-11-13 02:41:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-11-13 02:40:57 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-13 02:40:56 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-13 02:40:42 1435648 ----a-w- c:\windows\system32\query.dll
2009-11-13 02:32:25 75776 ----a-w- c:\windows\system32\telnet.exe
2009-11-12 23:16:12 10624 ------w- c:\windows\system32\drivers\gameenum.sys
2009-11-12 23:15:48 75776 ----a-w- c:\windows\system32\drivers\ac97via.sys
2009-11-12 07:24:59 39936 ------w- c:\windows\system32\hostmib.dll

============= FINISH: 16:15:00.88 ===============

#4 schrauber

  • Malware Response Team

Posted 19 December 2009 - 04:47 PM

Hello, LAG77 and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 LAG77

  • Topic Starter

Posted 19 December 2009 - 08:15 PM

Here's my 'gmer.log', thanks.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-19 20:09:17
Windows 5.1.2600 Service Pack 3
Running: iije4m83.exe; Driver: C:\DOCUME~1\LEAVEN~1\LOCALS~1\Temp\uxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF841EE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF83FFCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF83FFECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF841F610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF841F8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF841DB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF841FD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF841F0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF83FF982]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF84557AC]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[792] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3920] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3660] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [02EFB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02F20920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [02EFAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02F208C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [02EFB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [02EFB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [02EFAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02F20890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02F20950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [02EFAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02F20890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02F208C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02F20950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [02EFB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [02EFB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02F20890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [02EFAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [02EFB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02F208C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02F20950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02F20920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02F20890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02F20950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02F208C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [02EFB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [02EFB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [02EFAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02F20920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [02EFB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [02EFB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02EFB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\00002698 -> \Driver\atapi \Device\Harddisk0\DR0 82EE950C

---- Registry - GMER 1.0.15 ----


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:29 PM

Posted 20 December 2009 - 04:24 AM

Hi,

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types". If you need help doing this, please refer to this tutorial for help: How to see hidden files in Windows

Right click My Computer, left click Explore, then make sure that view is reduced (press the "double-square" symbol upper right hand corner) so you can also see the desktop.

Navigate to the following folder:

C:\Windows\System32\Drivers <----

If needed go to View and click List, to make the file view easier to look through.

Then locate the following files, right click them, drag them to the desktop, release and select Move Here:

atapi.sys

Then press F5 to refresh the view, and make sure Windows replaced the atapi.sys file in the Drivers folder. If it did not, let me know here and put the desktop copy back in the Drivers folder by reversing the steps just done.

Either way let me know how you did with that before we move to some next steps.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 LAG77

Posted 20 December 2009 - 12:32 PM

Ok, when I tried moving atapi.sys to my desktop I got a message saying "Cannot move atapi: It is being used by another person or program. Close any programs that might be using the file and try again."

#8 schrauber

Posted 22 December 2009 - 12:05 PM

Hi,

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

#9 LAG77

Posted 22 December 2009 - 03:18 PM

Hi,

Since you clearly stated that ComboFix is NOT a toy, I wanted to let you know what's happening before I proceed. I disabled my antivirus and downloaded/renamed ComboFix, but when I run it a box pops up right away with the header "Error-Win32 Only" and contains the message "Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP." Of course I AM running XP. About 3 seconds after that box pops up another box pops up containing the "Disclaimer of Warranty On Software" for ComboFix. I can either click Yes or No on that box.

#10 schrauber

Posted 23 December 2009 - 10:48 AM

Please click yes and run the tool :(.
regards,
schrauber


#11 LAG77

Posted 23 December 2009 - 02:12 PM

Ok, when I ran ComboFix it found something with the rootkit and had to reboot. Upon reboot ComboFix started again automatically and ran through several "stages" before it got to a point where it said it was "deleting folders". It started making a list of what I assume were the folders it was deleting but after a few minutes it seemed to just get hung up. I'm sending this from a different PC, so ComboFix is still running on the laptop in question but there's no hard drive activity and it's just stuck on a flashing command prompt. It's been like that for about 20 minutes. It definitely doesn't seem to be doing anything.

#12 schrauber

Posted 23 December 2009 - 02:46 PM

Please let it run for the next 10 minutes, then please reboot your system.
regards,
schrauber


#13 LAG77

Posted 23 December 2009 - 03:06 PM

Ok, I was wrong, it was actually doing something. I let it run and it finished and rebooted on its own. Below is the ComboFix.txt file.



ComboFix 09-12-21.08 - LAG77 12/23/2009 13:27:15.1.1 - x86
Running from: c:\documents and settings\Leaven Gresalfi\Desktop\schrauber.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Leaven Gresalfi\Application Data\020000002493df06C.manifest
c:\documents and settings\Leaven Gresalfi\Application Data\020000002493df06O.manifest
c:\documents and settings\Leaven Gresalfi\Application Data\020000002493df06P.manifest
c:\documents and settings\Leaven Gresalfi\Application Data\020000002493df06R.manifest
c:\documents and settings\Leaven Gresalfi\Application Data\020000002493df06S.manifest
c:\program files\Shared
c:\recycler\S-1-5-21-1644491937-1292428093-725345543-1003
c:\recycler\S-1-5-21-1682508817-1800803623-1141150777-1003
c:\recycler\S-1-5-21-2290454960-2953975225-4089710087-1003
c:\recycler\S-1-5-21-246832256-3006914963-493307199-1003
c:\recycler\S-1-5-21-3293920870-4118683337-1468059775-1003
c:\recycler\S-1-5-21-939244760-1862961615-370437480-1003
c:\windows\setup.exe
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\3361

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_acpi32
-------\Legacy_ati64si
-------\Legacy_JMNHHGRTJA35UJGHUYKJ6R8IO9IUJG80
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_jmnhhgrtja35ujghuykj6r8io9iujg80


((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 19:40 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-23 19:40 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-23 19:39 . 2009-12-23 19:40 -------- d-----w- c:\windows\LastGood
2009-12-23 18:12 . 2009-12-23 18:14 -------- d-----w- C:\32788R22FWJFW
2009-12-06 03:23 . 2009-12-06 03:23 -------- d-----w- c:\program files\Lavasoft
2009-12-06 03:23 . 2009-12-06 03:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-06 03:23 . 2009-12-06 03:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 21:26 . 2009-11-29 21:26 -------- d-----w- c:\documents and settings\Leaven Gresalfi\Local Settings\Application Data\Threat Expert
2009-11-29 21:04 . 2009-10-08 16:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 21:04 . 2009-10-08 16:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-29 21:04 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-11-29 21:04 . 2009-10-08 16:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-29 21:04 . 2009-10-08 16:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-29 21:04 . 2009-10-02 19:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-29 20:55 . 2009-09-24 13:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-29 20:55 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-29 20:55 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-29 20:54 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-29 20:53 . 2009-11-29 23:04 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 20:53 . 2009-11-29 21:05 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-29 20:53 . 2009-11-29 20:53 -------- d-----w- c:\documents and settings\Leaven Gresalfi\Application Data\PC Tools
2009-11-29 20:53 . 2009-11-29 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-29 20:52 . 2009-12-23 19:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-29 07:04 . 2009-11-29 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 07:04 . 2009-11-29 07:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-29 05:30 . 2009-11-29 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-29 05:29 . 2009-12-06 03:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-29 05:29 . 2009-11-29 05:29 -------- d-----w- c:\documents and settings\Leaven Gresalfi\Application Data\SUPERAntiSpyware.com
2009-11-29 02:21 . 2009-11-29 00:06 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-29 00:06 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-29 00:06 . 2009-11-29 00:06 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-29 00:00 . 2009-12-06 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-28 05:17 . 2009-11-28 05:17 -------- d-----w- C:\ERDNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 05:47 . 2009-11-29 05:31 117760 ----a-w- c:\documents and settings\Leaven Gresalfi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-28 21:59 . 2005-12-26 02:38 37560 ----a-w- c:\documents and settings\Leaven Gresalfi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 03:05 . 2009-09-13 03:01 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-13 03:05 . 2009-09-13 03:15 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-13 03:05 . 2009-09-13 03:15 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-13 03:05 . 2009-09-13 03:15 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 03:05 . 2009-09-13 03:01 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-13 03:05 . 2009-09-13 03:01 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-13 03:05 . 2009-09-13 03:01 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-13 02:59 . 2009-06-16 19:26 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-13 02:59 . 2008-09-13 04:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 02:59 . 2008-09-13 04:13 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 02:56 . 2005-07-13 18:10 34328 ----a-w- c:\windows\system32\wups.dll
2009-11-13 02:56 . 2005-05-26 09:16 43544 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 02:44 . 2005-07-13 17:55 827392 ----a-w- c:\windows\system32\wininet.dll
2009-11-13 02:43 . 2005-07-13 17:55 35328 ------w- c:\windows\system32\corpol.dll
2009-11-13 02:43 . 2005-07-13 17:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-13 02:42 . 2005-07-13 17:55 531192 ----a-w- c:\windows\system32\wmspdmod.dll
2009-11-13 02:42 . 2005-07-13 17:55 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-11-13 02:41 . 2005-07-13 17:55 57344 ----a-w- c:\windows\system32\msasn1.dll
2009-11-13 02:41 . 2005-07-13 17:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-11-13 02:40 . 2005-07-13 17:55 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-13 02:40 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-13 02:40 . 2005-07-13 17:55 1435648 ----a-w- c:\windows\system32\query.dll
2009-11-13 02:32 . 2005-07-13 17:55 75776 ----a-w- c:\windows\system32\telnet.exe
2009-11-12 23:16 . 2008-07-22 02:02 10624 ------w- c:\windows\system32\drivers\gameenum.sys
2009-11-12 23:15 . 2005-07-13 17:55 75776 ----a-w- c:\windows\system32\drivers\ac97via.sys
2009-11-12 07:24 . 2008-07-22 02:02 39936 ------w- c:\windows\system32\hostmib.dll
2009-11-10 08:14 . 2009-11-10 08:14 -------- d-----w- c:\program files\MSBuild
2009-11-10 08:13 . 2009-11-10 08:13 -------- d-----w- c:\program files\Reference Assemblies
2009-11-09 23:15 . 2008-09-13 04:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 18:57 . 2008-09-13 01:54 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-08 18:56 . 2009-06-04 17:27 -------- d-----w- c:\documents and settings\Leaven Gresalfi\Application Data\CameraWindowDC
2009-11-08 18:55 . 2008-08-29 21:07 -------- d-----w- c:\program files\Trend Micro
2009-11-08 18:55 . 2008-08-29 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-10-03 08:15 . 2009-11-29 00:01 2924848 ----a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
.

------- Sigcheck -------

[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"TVTunerLib"="c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 245760]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-19 185896]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-11-13 1020248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135624354\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135624354\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 4c31b407;4c31b407;c:\windows\System32\drivers\4c31b407.sys [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-29 1184912]
R3 EraserUtilDrv10501;EraserUtilDrv10501;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10501.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-18 311872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-18 7520337]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-11-13 36368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-11-13 50704]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-11-13 689416]

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
.
- - - - ORPHANS REMOVED - - - -

Notify-34b80127382 - (no file)
AddRemove-Microsoft .NET Framework 2.0 - c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 14:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\ProgID]
@DACL=(02 0000)
@SACL=
@="DWSetup.Player.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="DWSetup.Player"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\ProgID]
@DACL=(02 0000)
@SACL=
@="DWUSWebAgent.WebAgent.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="DWUSWebAgent.WebAgent"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CLSID]
@DACL=(02 0000)
@SACL=
@="{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSP\CurVer]
@DACL=(02 0000)
@SACL=
@="DSP.DSP.1"

[HKEY_LOCAL_MACHINE\software\Classes\DSP.DSPDMOProp_Chorus.1\CLSID]
@DACL=(02 0000)
@SACL=
@="{6F63B172-5543-4593-91CE-EDBA65B9FACDB}"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0]
@DACL=(02 0000)
@SACL=
@="InstallShield UpdateService Player 1.4"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0]
@DACL=(02 0000)
@SACL=
@="InstallShield Update Service WebAgent 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{BD26B198-EE42-4725-9B23-AFA912434229}\2.0]
@DACL=(02 0000)
@SACL=
@="CAPICOM v2.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1]
@DACL=(02 0000)
@SACL=
@="Microsoft Windows Common Controls-2 5.0 (SP2)"

[HKEY_LOCAL_MACHINE\software\Classes\WinDVDX.playback\DefaultIcon]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\InterVideo\\WinDVDX\\WinDVDX.exe,0"

[HKEY_LOCAL_MACHINE\software\Classes\WinDVDX.playback\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\LanExpress\LAN-Express AS IEEE 802.11 Wireless LAN]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\mupdate\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
@SACL=
"ProgID"="MsScp.SCPTRANS.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
@SACL=
"ProgID"="WMDMCESP.WMDMCESP"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
@SACL=
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"

[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Sony Corporation\OpenMG\APID]
@DACL=(02 0000)
@SACL=
@=""
"001-081-019-500100-2-0001"="true"
"002-001-008-930187-1-0000"="true"
"003-001-008-911651-1-0000"="true"
"004-001-008-901810-1-0000"="true"

[HKEY_LOCAL_MACHINE\software\Sony Corporation\OpenMG\Applications]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Sony Corporation\OpenMG\AutoUpdate]
@DACL=(02 0000)
@SACL=
"Repository"="c:\\Program Files\\Common Files\\Sony Shared\\OpenMG\\updater"
"SysUpdaterFileName"="udlaunch.exe"
"LocalGroupList"="grouplist.xml"
"ForceUpdate"=dword:00000000
"DisableUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Sony Corporation\OpenMG\PC]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Sony Corporation\OpenMG\PD]
@DACL=(02 0000)
@SACL=
@=""

[HKEY_LOCAL_MACHINE\software\Sony Electronics\Sony Certificate PCH]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Sony Electronics\VAIO Registration]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Apoint\Apntex.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-23 15:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-23 19:57

Pre-Run: 49,121,067,008 bytes free
Post-Run: 50,013,065,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

- - End Of File - - B0641AD8585B0264159B57C07CCF5F9E

#14 schrauber


    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:29 PM

Posted 26 December 2009 - 03:07 AM

Hi,

Sorry for the delay.

How is your system running? Please post back with a fresh Gmer logfile, also please do this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 LAG77

  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:29 PM

Posted 26 December 2009 - 03:30 PM

Hi,

No problem about the delay. I appreciate the help so far.

I haven't used the system much recently because I was waiting to see if there were any further steps you thought I should take. I did notice it seems to be booting up faster and the Windows Update icon is popping up, which I haven't seen since the system was infected.

Here is the refreshed Gmer logfile:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 15:18:48
Windows 5.1.2600 Service Pack 3
Running: iije4m83.exe; Driver: C:\DOCUME~1\LEAVEN~1\LOCALS~1\Temp\uxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF841EE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF83FFCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF83FFECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF841F610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF841F8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF841DB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF841FD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF841F0E2]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA9720B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2248] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [022EB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [023108F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [022EB240] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [022E9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [022EA320] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [022EA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [023108F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [022E9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [022EA7F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [023108F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [022E9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [023108F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02310920] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [022E9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [023108C0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [022EB910] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [023108F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [022EB460] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02310950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02310890] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [022EB8B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [022E9BC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CreateFileW] [022EAF80] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CreateFileA] [022EAD70] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2248] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!CloseHandle] [022EB810] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9402b0e1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9402b0e1@001784da01ef 0xC1 0x56 0xA6 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9402b0e1@001e75e37983 0x9D 0x96 0xA7 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9402b0e1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9402b0e1@001784da01ef 0xC1 0x56 0xA6 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9402b0e1@001e75e37983 0x9D 0x96 0xA7 0x28 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage@DeviceInterface {53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@DeviceInterface {F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players@FilterParameter UseExtendedWmdm
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE@DeviceInterface {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice@DeviceInterface {25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice@WMDMSPCLSID {067B4B81-B1EC-489f-B111-940EBDC44EBE}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS@ProgID MsScp.SCPTRANS.1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP@ProgID WMDMCESP.WMDMCESP
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp@PnPAware 1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp@ProgID WPDSp.WPDServiceProvider
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\ProgID@ ComCtl2.UpDown.1
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\TypeLib@ {FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\Version@ 1.1
Reg HKLM\SOFTWARE\Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\VersionIndependentProgID@ ComCtl2.UpDown
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\ProgID@ ComCtl2.Animation.1
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\TypeLib@ {FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Version@ 1.1
Reg HKLM\SOFTWARE\Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\VersionIndependentProgID@ ComCtl2.Animation
Reg HKLM\SOFTWARE\Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\ProgID@ DWUSWebAgent.WebAgent.1
Reg HKLM\SOFTWARE\Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\VersionIndependentProgID@ DWUSWebAgent.WebAgent
Reg HKLM\SOFTWARE\Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\ProgID@ DWUSWebAgent.WebAgent.1
Reg HKLM\SOFTWARE\Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\VersionIndependentProgID@ DWUSWebAgent.WebAgent
Reg HKLM\SOFTWARE\Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\ProgID@ DWSetup.Player.1
Reg HKLM\SOFTWARE\Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\VersionIndependentProgID@ DWSetup.Player
Reg HKLM\SOFTWARE\Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\ProgID@ DWUSWebAgent.WebAgent.1
Reg HKLM\SOFTWARE\Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\VersionIndependentProgID@ DWUSWebAgent.WebAgent
Reg HKLM\SOFTWARE\Classes\DSP.DSP\CLSID@ {9C123EA9-AEC9-4f75-BBC0-7565FA1398966}
Reg HKLM\SOFTWARE\Classes\DSP.DSP\CurVer@ DSP.DSP.1
Reg HKLM\SOFTWARE\Classes\DSP.DSPDMOProp_Chorus.1\CLSID@ {6F63B172-5543-4593-91CE-EDBA65B9FACDB}
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0@ InstallShield UpdateService Player 1.4
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{4DE44111-CCD6-4DDD-821B-5D1515C894DE}\1.0\HELPDIR@ C:\WINDOWS\Downloaded Program Files\
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0@ InstallShield Update Service WebAgent 1.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0\HELPDIR
Reg HKLM\SOFTWARE\Classes\TypeLib\{966DC062-019F-4555-AC11-21C9BE4DB2D7}\1.0\HELPDIR@ C:\WINDOWS\Downloaded Program Files\
Reg HKLM\SOFTWARE\Classes\TypeLib\{BD26B198-EE42-4725-9B23-AFA912434229}\2.0@ CAPICOM v2.0 Type Library
Reg HKLM\SOFTWARE\Classes\TypeLib\{BD26B198-EE42-4725-9B23-AFA912434229}\2.0\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{BD26B198-EE42-4725-9B23-AFA912434229}\2.0\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{BD26B198-EE42-4725-9B23-AFA912434229}\2.0\FLAGS@ 0
Reg HKLM\SOFTWARE\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1@ Microsoft Windows Common Controls-2 5.0 (SP2)
Reg HKLM\SOFTWARE\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1\0
Reg HKLM\SOFTWARE\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1\FLAGS
Reg HKLM\SOFTWARE\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1\FLAGS@ 2
Reg HKLM\SOFTWARE\Classes\WinDVDX.playback\DefaultIcon@ C:\Program Files\InterVideo\WinDVDX\WinDVDX.exe,0
Reg HKLM\SOFTWARE\Classes\WinDVDX.playback\shell\open
Reg HKLM\SOFTWARE\Classes\WinDVDX.playback\shell\open@ Open
Reg HKLM\SOFTWARE\Classes\WinDVDX.playback\shell\open\Command
Reg HKLM\SOFTWARE\Classes\WinDVDX.playback\shell\open\Command@ C:\Program Files\InterVideo\WinDVDX\WinDVDX.exe %1

---- EOF - GMER 1.0.15 ----

Here is the RSIT log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by LAG77 at 2009-12-26 15:23:31
WIN_XP Service Pack 3
System drive C: has 48 GB (68%) free of 70 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:08 PM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Leaven Gresalfi\Desktop\RSIT.exe
C:\Program Files\trend micro\Leaven Gresalfi.exe
C:\WINDOWS\system32\HPZinw12.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (User '?')
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-2495724786-617155992-445640522-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15893 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-29 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-29 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-29 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-29 114688]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-04-29 45056]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-05-15 184320]
"TVTunerLib"=C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe [2005-02-16 245760]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-06-09 6746112]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2005-01-31 192512]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-19 185896]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-07 176128]
"HPHUPD05"=C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2005-07-07 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2005-07-07 491520]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-11-12 1020248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-03-01 4670968]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-21 39408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-29 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1135624354\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1135624354\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1135624354\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1135624354\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-26 15:23:31 ----D---- C:\rsit
2009-12-23 15:00:39 ----A---- C:\ComboFix.txt
2009-12-23 14:40:14 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-23 14:40:13 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-23 13:18:16 ----A---- C:\Boot.bak
2009-12-23 13:17:56 ----RASHD---- C:\cmdcons
2009-12-23 13:15:24 ----A---- C:\WINDOWS\zip.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\SWSC.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\SWREG.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\sed.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\PEV.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\MBR.exe
2009-12-23 13:15:24 ----A---- C:\WINDOWS\grep.exe
2009-12-23 13:14:06 ----D---- C:\WINDOWS\ERDNT
2009-12-23 13:12:52 ----D---- C:\32788R22FWJFW
2009-12-22 15:07:41 ----D---- C:\Qoobox
2009-12-05 22:23:51 ----D---- C:\Program Files\Lavasoft
2009-12-05 22:23:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-05 22:23:41 ----HD---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-04 18:34:20 ----A---- C:\RootRepeal report 12-04-09 (18-34-20).txt
2009-11-29 16:04:13 ----A---- C:\WINDOWS\BDTSupport.dll
2009-11-29 16:04:12 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-11-29 16:04:11 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-11-29 16:04:11 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-11-29 15:53:32 ----D---- C:\Program Files\Spyware Doctor
2009-11-29 15:53:32 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-29 15:53:32 ----D---- C:\Documents and Settings\Leaven Gresalfi\Application Data\PC Tools
2009-11-29 15:53:32 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-29 15:52:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-29 02:04:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-29 02:04:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 00:30:59 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-29 00:29:31 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-29 00:29:31 ----D---- C:\Documents and Settings\Leaven Gresalfi\Application Data\SUPERAntiSpyware.com
2009-11-28 21:21:00 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-28 19:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-28 00:17:28 ----A---- C:\WINDOWS\resetlog.txt
2009-11-28 00:17:12 ----D---- C:\ERDNT

======List of files/folders modified in the last 1 months======

2009-12-26 15:24:08 ----D---- C:\Program Files\Trend Micro
2009-12-26 15:23:44 ----D---- C:\WINDOWS\Prefetch
2009-12-26 15:19:19 ----D---- C:\WINDOWS\Temp
2009-12-26 13:22:20 ----D---- C:\WINDOWS
2009-12-26 13:21:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-26 13:20:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-26 13:20:33 ----D---- C:\WINDOWS\system32\Lang
2009-12-26 13:20:27 ----D---- C:\WINDOWS\system32
2009-12-23 15:00:47 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 14:47:56 ----A---- C:\WINDOWS\system.ini
2009-12-23 14:40:10 ----HD---- C:\WINDOWS\inf
2009-12-23 14:40:10 ----D---- C:\WINDOWS\Help
2009-12-23 14:36:17 ----D---- C:\WINDOWS\system32\config
2009-12-23 13:48:31 ----RD---- C:\Program Files
2009-12-23 13:44:57 ----D---- C:\WINDOWS\AppPatch
2009-12-23 13:34:52 ----D---- C:\Program Files\Common Files
2009-12-23 13:26:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-23 13:18:17 ----RASH---- C:\boot.ini
2009-12-05 22:34:12 ----D---- C:\WINDOWS\system32\wbem
2009-12-05 22:24:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-05 22:23:51 ----D---- C:\Config.Msi
2009-12-05 22:23:50 ----SHD---- C:\WINDOWS\Installer
2009-12-05 22:19:59 ----D---- C:\WINDOWS\network diagnostic
2009-12-05 21:50:39 ----SD---- C:\WINDOWS\Tasks
2009-11-29 15:55:06 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-11-12 89872]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-07-13 17801]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-11-12 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-11-12 225808]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-11-12 1223832]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-05-23 178048]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-29 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-06-10 76800]
R3 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R3 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-03-30 47230]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S1 4c31b407;4c31b407; C:\WINDOWS\System32\drivers\4c31b407.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\schrauber\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilDrv10501;EraserUtilDrv10501; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10501.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-07 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-07 21744]
S3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2005-02-11 456448]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-12 1897408]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYTVC;Sony MPEG RR-Engine; C:\WINDOWS\system32\DRIVERS\SONYTVC.sys [2005-03-18 237568]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-04-22 98048]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-04-22 52608]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uxtdapob;uxtdapob; \??\C:\DOCUME~1\LEAVEN~1\LOCALS~1\Temp\uxtdapob.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-11-12 715368]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-06-15 167936]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-06-15 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-11-12 345352]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-11-12 689416]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-06-15 270336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-28 1184912]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-06-09 127044]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2005-02-10 397312]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-06-15 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-06-07 1851392]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-06-07 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-06-07 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-06-07 188416]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

And here is the RSIT Info file:

info.txt logfile of random's system information tool 1.06 2009-12-26 15:24:18

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Digital Camera Solution Disk 40-46 Software Starter Guide-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\SoftwareStarterGuide-DCSD40_46\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Personal Printing Guide-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Personal Printing Guide\Uninst.ini"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.4.10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Image Zone 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 4.7-->"C:\Program Files\Hewlett-Packard\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Image Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29999594-B540-4C88-A8D3-C99CA43809FC}\Setup.exe" /UNINSTALL
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LAN-Express AS IEEE 802.11 Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Netscape Internet Service Setup-->"C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Secure Module 4.2.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio DigitalMedia Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio DigitalMedia Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio DigitalMedia Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x9 UNINSTALL
SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony USB Mouse-->Pmuninst.exe MouseSuite98
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VAIO Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Light Flo Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Long Battery Life Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}\setup.exe" -l0x9
VAIO Media 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Scene SD Wide Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E365AAB7-F160-4E2F-ACAC-28D487ACF47D}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x9 UNINSTALL
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82081533-F045-469E-BD53-F16839E445C3}\setup.exe" -l0x9 -removeonly
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO TV Tuner Library 1.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}\setup.exe"
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIO Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
VAIO Zone Remote Commander-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}\Setup.exe" -l0x9
VAIO Zone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Player 10 Hotfix [See KB886612 for more information]-->C:\WINDOWS\$NtUninstallKB886612$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



