new logs
Hi!
The problem is only with Internet Explorer. I post three new logs for your review, thanks for your help.
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-08 21:21:35
Windows 5.1.2600 Service Pack 2
Running: qykox6j7.exe; Driver: C:\DOCUME~1\HAMIDY~1\LOCALS~1\Temp\pwloqpog.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[724] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013E8850
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 013E9AB0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 013EB3C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013E9D20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 013E9B30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 013EC300
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 013EC340
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 013EC6E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 013EC1C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 013EB320
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013EA2E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013E9C90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 013EA010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 013ECC60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 013EAD10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 013EB180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 013EB840
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 013EB5D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 013EB7C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 013EBCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 013EB9B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 013E9C00
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013EA190
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 013EC420
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 013EB710
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 013EB2C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 013EB140
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 013EB4D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 013EC700
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 013EB510
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 013EA9C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 013EC9A0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 013EC940
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 013ECB90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 013ECC30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 013ECA60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 013EC650
IAT C:\Program Files\Registry Mechanic\RegMech.exe[880] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 013EC600
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2152] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0xC1 0xBB 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0xCF 0x52 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xBF 0x85 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0xC1 0xBB 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0xCF 0x52 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xBF 0x85 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8C 0xC1 0xBB 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0xCF 0x52 0xB7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x75 0xBF 0x85 0xE5 ...
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/19/2009 1:10:08 AM
System Uptime: 10/8/2009 2:33:37 PM (7 hours ago)
Motherboard: Dell Inc. | | 0KD882
Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | Microprocessor | 1995/133mhz
Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | Microprocessor | 1994/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 39 GiB total, 14.464 GiB free.
D: is FIXED (FAT32) - 24 GiB total, 16.663 GiB free.
E: is FIXED (FAT32) - 24 GiB total, 17.517 GiB free.
F: is FIXED (FAT32) - 24 GiB total, 5.115 GiB free.
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP148: 9/11/2009 11:06:33 PM - Installed CuteFTP 8 Home
RP149: 9/12/2009 11:06:57 PM - System Checkpoint
RP150: 9/13/2009 11:33:28 PM - System Checkpoint
RP151: 9/15/2009 12:40:18 AM - System Checkpoint
RP152: 9/16/2009 3:37:13 AM - System Checkpoint
RP153: 9/17/2009 4:04:39 AM - System Checkpoint
RP154: 9/18/2009 9:27:41 PM - System Checkpoint
RP155: 9/21/2009 12:10:37 AM - System Checkpoint
RP156: 9/22/2009 12:17:38 AM - System Checkpoint
RP157: 9/23/2009 2:00:30 AM - System Checkpoint
RP158: 9/24/2009 12:09:35 AM - Installed Horas
RP159: 9/24/2009 5:27:06 PM - Removed Horas
RP160: 9/25/2009 6:51:49 PM - System Checkpoint
RP161: 9/26/2009 11:16:15 PM - System Checkpoint
RP162: 9/27/2009 11:23:13 PM - System Checkpoint
RP163: 9/29/2009 12:32:56 AM - System Checkpoint
RP164: 9/30/2009 12:43:19 AM - System Checkpoint
RP165: 10/1/2009 1:02:25 AM - System Checkpoint
RP166: 10/2/2009 12:11:58 PM - System Checkpoint
RP167: 10/2/2009 4:08:27 PM - Installed Windows XP KB958644.
RP168: 10/2/2009 6:11:43 PM - Installed AVG Free 8.5
RP169: 10/3/2009 2:49:47 AM - Installed Windows XP KB915865.
RP170: 10/3/2009 2:50:44 AM - Installed Windows NLSDownlevelMapping.
RP171: 10/3/2009 2:51:26 AM - Installed Windows IDNMitigationAPIs.
RP172: 10/3/2009 2:51:55 AM - Installed Windows Internet Explorer 7.
RP173: 10/3/2009 3:06:00 AM - Software Distribution Service 3.0
RP174: 10/3/2009 11:55:17 AM - Avg8 Update
RP175: 10/3/2009 6:48:31 PM - Avg8 Update
RP176: 10/4/2009 12:41:38 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP177: 10/4/2009 1:08:46 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP178: 10/4/2009 1:44:09 PM - Installed Windows XP KB915865.
RP179: 10/4/2009 1:45:12 PM - Installed Windows NLSDownlevelMapping.
RP180: 10/4/2009 1:45:51 PM - Installed Windows IDNMitigationAPIs.
RP181: 10/4/2009 1:46:27 PM - Installed Windows Internet Explorer 7.
RP182: 10/5/2009 8:13:26 PM - Installed RangeMax Wireless-N USB Adapter WN111v2
RP183: 10/6/2009 2:09:07 PM - Removed Microsoft Office Professional Edition 2003
RP184: 10/6/2009 2:22:02 PM - Installed Microsoft Office Professional Edition 2003
RP185: 10/6/2009 2:26:27 PM - Configured Microsoft Office Professional 2007
RP186: 10/6/2009 2:37:23 PM - Removed Microsoft Office Professional Edition 2003
RP187: 10/6/2009 2:44:44 PM - Installed Microsoft Office Professional Edition 2003
RP188: 10/6/2009 2:52:10 PM - Configured Microsoft Office Professional 2007
RP189: 10/7/2009 12:38:41 AM - Avira AntiVir Personal - 10/7/2009 0:38
RP190: 10/7/2009 1:02:18 AM - Configured RangeMax Wireless-N USB Adapter WN111v2
RP191: 10/7/2009 11:09:45 AM - Avg8 Update
RP192: 10/8/2009 1:39:00 PM - System Checkpoint
==== Installed Programs ======================
A4 TECH USB PC Camera H
Addison-Wesley
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Apache Tomcat 6.0 (remove only)
Apple Mobile Device Support
Apple Software Update
ArGoSoft Mail Server Freeware
Audacity 1.2.6
Audacity Recovery Utility
AutoUpdate
AVG Free 8.5
Babylon
Borland C++ 5.0
Broadcom 440x 10/100 Integrated Controller
Browser Hijack Recover(BHR) 3.0
Bullzip PDF Printer 4.0.0.543
Camtasia Studio 5
ClikView 2.1
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Convert Multiple PDF Files To JPG Files Software 7.0
Cucusoft YouTube Mate 7.10
CuteFTP 8 Home
CVSNT 2.5.03.2382
DC++ 0.699
Dell Resource CD
Desktop Screen Record 5
Dia (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
doPDF 5.0 printer
Free PS Convert driver 8.15
Free Registry Fix 5.0
Free Window Registry Repair
FreeCall
GanttProject 2.0.7
Gecode 2.2.0/Qt
getPlus(R) for Adobe
GlassFish V2
GnuWin32: Bison-2.1
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
GPL Ghostscript Lite 8.61
Graphics Converter Pro v6.9x
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IE7Pro
ImageConverter Plus 7.1
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java DB 10.3.1.4
Java Runtime Environment 1.2
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 10
LAME v3.98.2 for Audacity
Lizardtech DjVu Control
Lizardtech Express View Browser Plug-in
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MATLAB 7.1
MediaRing Talk
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mimer SQL Engine
Mimer SQL Engine 9.2
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NetBeans IDE 6.0
OpenOffice.org 3.0
PC Suite for Sony Ericsson
PDF to Image Converter 2.00
Play89
PowerDVD
PPTools - Remove ALL
Prevx CSI
PuTTY version 0.60
QuickSet
QuickTime
RealPlayer
Registry Mechanic 8.0
Replay Media Catcher 3.01
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Share Accelerator MM Toolbar
Shock 4Way 3D v1.29
Shockwave
SigmaTel Audio
Skype™ 3.5
Sony Ericsson Media Manager 1.1
Sony Ericsson Symbian 9 Drivers
System Requirements Lab
TortoiseCVS
Uniblue RegistryBooster 2010
Unicode Image Maker 1.02.01
Uninstall GflAx
Universal Document Converter
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Manager
VLC media player 0.9.8a
WampServer 2.0
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinSCP 4.1.8
Xming-fonts 7.3.0.15
Xming 6.9.0.31
XML Pro
XoftSpySE
Yahoo Message Archive Decoder 4.3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
10/8/2009 12:45:56 PM, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
10/8/2009 12:45:56 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.251. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
10/8/2009 12:14:00 PM, error: Dhcp [1002] - The IP address lease 69.228.144.170 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/8/2009 11:53:23 AM, error: Dhcp [1002] - The IP address lease 69.233.255.64 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/8/2009 11:36:15 AM, error: Dhcp [1002] - The IP address lease 192.168.0.253 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/8/2009 1:12:15 PM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.253. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
10/7/2009 9:03:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.199 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/7/2009 7:53:07 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/6/2009 12:31:34 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/6/2009 1:04:12 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.2, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
10/6/2009 1:02:54 PM, error: Dhcp [1002] - The IP address lease 69.226.34.12 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/5/2009 8:51:56 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.3, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
10/5/2009 8:29:54 PM, error: Service Control Manager [7000] - The BVRPMPR5 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
10/5/2009 8:28:46 PM, error: Dhcp [1002] - The IP address lease 69.229.110.116 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/5/2009 8:17:53 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
10/5/2009 8:14:39 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
10/5/2009 8:13:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/5/2009 8:12:23 PM, error: Dhcp [1002] - The IP address lease 69.229.174.197 for the Network Card with network address 0019B9743A70 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/4/2009 12:32:38 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/4/2009 12:32:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CVSNT Locking Service 2.5.03.2382 service to connect.
10/4/2009 12:32:38 PM, error: Service Control Manager [7000] - The CVSNT Locking Service 2.5.03.2382 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/4/2009 12:29:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/4/2009 1:15:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2009 1:15:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/3/2009 7:39:23 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
10/3/2009 7:25:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/3/2009 7:25:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MATLAB Server service to connect.
10/3/2009 7:25:30 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/3/2009 7:25:30 PM, error: Service Control Manager [7000] - The MATLAB Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/3/2009 2:21:41 AM, error: System Error [1003] - Error code 000000d1, parameter1 00000006, parameter2 00000002, parameter3 00000000, parameter4 a837a2a9.
10/3/2009 2:06:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:06:25 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/3/2009 2:06:20 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:06:20 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/3/2009 2:06:16 AM, error: Service Control Manager [7034] - The CVSNT Locking Service 2.5.03.2382 service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:06:13 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/3/2009 2:06:10 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:05:54 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/3/2009 2:05:44 AM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:05:41 AM, error: Service Control Manager [7034] - The MIMER TCP service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 2:05:38 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 1:07:15 AM, error: Service Control Manager [7034] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 1:07:06 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
10/3/2009 1:07:01 AM, error: Service Control Manager [7034] - The MIMER-temp service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
DDS (Ver_09-09-29.01) - NTFSx86
Run by Hamid Yazdani at 21:23:50.53 on Thu 10/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.284 [GMT 3:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Babylon\Babylon.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
d:\Program Files\Mimer SQL 9.2\TCPSRV.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
d:\Program Files\Mimer SQL 9.2\MIMSRV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IEPro\MiniDM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hamid Yazdani\My Documents\My Downloads\qykox6j7.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe
C:\WINDOWS\system32\rsvp.exe
C:\Documents and Settings\Hamid Yazdani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hamid Yazdani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hamid Yazdani\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Hamid Yazdani\My Documents\My Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Share Accelerator MM Toolbar: {4596013b-6c31-408b-a266-deae5c086dc2} - c:\program files\share_accelerator_mm\tbShar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RemoteControl] "f:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Babylon Client] d:\program files\babylon\Babylon.exe -AutoStart
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a70001000000}\SC_Reader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: FOLDEROPTIONS = 0 (0x0)
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://camera.mui.ac.ir/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} - hxxps://gfs.nb.se/privat/bank/scripts/eid/NordeaSmartCard.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://members.driverguide.com/director/dispatch_getfile.php?mode=toolkit_lite
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 setuid
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hamidy~1\applic~1\mozilla\firefox\profiles\tuq6rmmq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\hamid yazdani\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hamid yazdani\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx content uploader\npUpload.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-9-10 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-9-10 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-2 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-2 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-2 297752]
R2 CSIScanner;CSIScanner;c:\program files\prevxcsi\prevxcsi.exe [2008-10-18 4368952]
R2 MIMER-temp;MIMER-temp;d:\program files\mimer sql 9.2\mimsrv.exe [2007-10-26 2893096]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MIMER TCP;MIMER TCP;d:\program files\mimer sql 9.2\tcpsrv.exe [2007-10-26 87336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-10-5 57408]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\drivers\zebrceb.sys [2009-5-14 63360]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-4-5 68096]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe --> c:\program files\netgear\wn111v2\jswpsapi.exe [?]
S3 MIMER Named Pipes;MIMER Named Pipes;d:\program files\mimer sql 9.2\napsrv.exe [2007-10-26 87336]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 23040]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-1-29 57344]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wn111v2.sys --> c:\windows\system32\drivers\WN111v2.sys [?]
S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-8-29 582424]
S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\drivers\zebrbus.sys [2009-5-14 83200]
S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\drivers\zebrmdfl.sys [2009-5-14 14848]
S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\drivers\zebrmdm.sys [2009-5-14 109568]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\drivers\zebrmdmc.sys [2009-5-14 109568]
S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\drivers\zebrsce.sys [2009-5-14 91264]
=============== Created Last 30 ================
2009-10-07 19:54 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\VirtualStore
2009-10-06 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2009-10-06 14:52 3,249 a------- c:\windows\system32\wbem\Outlook_01ca467b77c2c8ba.mof
2009-10-06 14:46 <DIR> --d----- c:\program files\common files\L&H
2009-10-06 14:46 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-10-06 14:31 3,249 a------- c:\windows\system32\wbem\Outlook_01ca467881864c44.mof
2009-10-05 20:29 49,904 a----r-- c:\windows\system32\drivers\BVRPMPR5.SYS
2009-10-05 20:27 <DIR> --d----- C:\Netgear
2009-10-05 20:19 <DIR> --d-hr-- c:\docume~1\alluse~1\applic~1\Atheros
2009-10-05 20:17 57,408 a------- c:\windows\system32\drivers\wsimd.sys
2009-10-05 20:17 <DIR> --d----- c:\program files\Atheros
2009-10-05 20:13 <DIR> --d----- c:\program files\NETGEAR
2009-10-05 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NETGEAR
2009-10-04 13:26 <DIR> --d----- c:\program files\IEPro
2009-10-04 12:25 <DIR> a-dshr-- C:\cmdcons
2009-10-04 12:02 229,888 a------- c:\windows\PEV.exe
2009-10-04 12:02 161,792 a------- c:\windows\SWREG.exe
2009-10-04 12:02 98,816 a------- c:\windows\sed.exe
2009-10-04 00:51 1,016 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-04 00:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-04 00:42 <DIR> --d----- c:\program files\common files\iS3
2009-10-04 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-10-03 01:26 <DIR> --d----- c:\program files\ACW
2009-10-02 23:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-02 23:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-02 22:06 <DIR> --d----- c:\program files\Promosoft Corporation
2009-10-02 22:01 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-10-02 21:49 <DIR> --d----- C:\$AVG8.VAULT$
2009-10-02 18:52 0 a------- c:\windows\system32\8104297.jun
2009-10-02 18:51 <DIR> --d----- c:\program files\Browser Hijack Recover
2009-10-02 18:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-02 18:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-02 18:14 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-02 18:12 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-02 18:11 <DIR> --d----- c:\program files\AVG
2009-10-02 18:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-10-02 17:53 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\Malwarebytes
2009-10-02 17:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-02 17:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-02 17:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 17:47 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\AVG8
2009-10-02 14:04 <DIR> --d----- c:\program files\Uniblue
2009-09-27 14:20 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-09-27 14:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-09-27 14:20 <DIR> --d----- c:\program files\common files\XoftSpySE
2009-09-27 14:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-09-27 14:20 <DIR> --d----- c:\program files\XoftSpySE6
2009-09-24 22:50 <DIR> --d----- c:\program files\Word Password Unlocker
2009-09-24 18:30 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\MiniDm
2009-09-24 17:42 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\IEPro
2009-09-24 00:13 <DIR> --d----- c:\docume~1\hamidy~1\applic~1\Basta Computing
2009-09-11 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2009-09-11 23:06 <DIR> --d----- c:\program files\GlobalSCAPE
2009-09-10 10:41 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-09-10 10:41 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-09-10 10:41 24,653 a------- c:\windows\wininit.ini
==================== Find3M ====================
2009-09-11 02:12 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-08-28 02:25 1,024 a------- c:\docume~1\alluse~1\applic~1\imgpdf2.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.DLL
2008-04-29 22:31 88 a--shr-- c:\windows\system32\9EAA864B62.sys
2008-04-29 22:31 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 21:24:56.87 ===============