1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Few Extra Processes running

Discussion in 'Virus & Other Malware Removal' started by dexter123, Dec 17, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    Hi im new to this site. The problem started with the computer being slow, so i checked the task manager and found two AVP.exe running which is Kaspersky. After researching that found this site and then realised I may have more problems,C:/WINDOWS/Explorer.exe. anyhow for the most part somtimes really slow and occasionally get the mouse that appears to double click things and have had alot of problems with that. I usually run "CCleaner" "Malwarebytes". I just dont know how to read all these programs to see background operations. O yeah one more thing is Prismxl no clue what that is.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:52:07 PM, on 12/17/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbws.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [EPSON NX510 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S63E.tmp" /EF "HKCU"
    O4 - HKCU\..\RunOnce: [Update0] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZUxdm265YYCA
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
    O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
    O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
    O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

    --
    End of file - 10246 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Run by Owner at 16:54:04 on 2011-12-17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.28 [GMT -8:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbws.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://google.ca/
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {089FD14D-132B-48FC-8861-0048AE113215} - No File
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [EPSON NX510 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_S63E.tmp" /EF "HKCU"
    uRunOnce: [Update0] "c:\program files\common files\real\update_ob\realsched.exe"
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drives~1.lnk - c:\program files\321studios\xpress\DriveSelect.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - ?p=ZUxdm265YYCA
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
    TCP: Interfaces\{6BCA9958-8032-4C8B-884E-231CF8DE0E38} : DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: NVDESK32.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wxplgi6z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\abhelperxpcom.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff4\abhelperxpcom4.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff5\abhelperxpcom5.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff6\abhelperxpcom6.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff7\abhelperxpcom7.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff8\abhelperxpcom8.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff4\kavlinkfilter4.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff5\kavlinkfilter5.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff6\kavlinkfilter6.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff7\kavlinkfilter7.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff8\kavlinkfilter8.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\kavlinkfilter.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff4\ffvkplugin4.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff5\ffvkplugin5.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff6\ffvkplugin6.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff7\ffvkplugin7.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ff8\ffvkplugin8.dll
    FF - component: c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]\components\ffvkplugin.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\wxplgi6z.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: [email protected]_bak2 - c:\program files\mozilla firefox\extensions\[email protected]_bak2
    FF - Ext: Kaspersky URL Advisor: [email protected]_bak2 - c:\program files\mozilla firefox\extensions\[email protected]_bak2
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Kaspersky Virtual Keyboard: [email protected] - c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    FF - Ext: Anti-Banner: [email protected] - c:\program files\kaspersky lab\kaspersky internet security 2012\ffext\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-11-29 565552]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-19 54752]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
    .
    =============== Created Last 30 ================
    .
    2011-12-12 00:43:48 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-12 00:43:46 -------- d-----w- c:\program files\Trend Micro
    2011-11-30 01:15:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
    2011-11-29 22:35:12 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-11-29 22:35:12 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-11-29 22:35:01 110992 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
    2011-11-29 22:34:55 147856 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
    2011-11-29 22:31:46 -------- d-----w- c:\program files\Kaspersky Lab
    2011-11-29 22:31:46 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2005-12-03 05:58:28 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    ============= FINISH: 16:57:16.29 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-17 16:50:34
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1c ST3100011A rev.3.02
    Running: mp8lrrqx.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxdyypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF4038FBA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF40398B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF4052AEE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF4039E26]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF4039D14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF4052E06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xF403A056]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xF403A21E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF4038D76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF4039F3E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF4054110]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF40395E6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF4052ECE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF403A53C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF404D084]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF404E88E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF40398F6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF403B53C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF404E088]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF404EA38]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF403A62E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF404DBC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF404DE1C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF4054130]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF405130A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF4039EB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF4039DA0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF40391F4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF403A97E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF4039FD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF40390E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xF4054120]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF404CEB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF404E698]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xF4051500]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF403AEC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF404E488]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF403A7CE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF404D198]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF404D80C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF4053048]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF4052F96]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF40530B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF404DA14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF403B3DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF404D33E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xF404D4D4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xF404D670]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF4052C76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF4039756]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF403A3E8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF403B010]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF404E248]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF403B104]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF403B23E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF403A45E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF4039392]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF40392EA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF403AD78]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF403947C]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP F402B9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP F402BDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 243C 80501C74 12 Bytes [06, 2E, 05, F4, 56, A0, 03, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 244C 80501C84 16 Bytes [76, 8D, 03, F4, 3E, 9F, 03, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2488 80501CC0 8 Bytes [8E, E8, 04, F4, F6, 98, 03, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 24A8 80501CE0 4 Bytes JMP 926EF404
    .text ntkrnlpa.exe!ZwCallbackReturn + 2584 80501DBC 4 Bytes [E8, 90, 03, F4]
    .text ...
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF5F40900]
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6E80DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6E80DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[224] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF0448
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2908] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    computer still running slow. need help please
     
  3. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    please help running slow hard to browse the internet but mozilla could be the cause
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,203
    Hiya and welcome to Tech Support Guy :)

    As you have Malwarebytes installed, can you post the logs of the recent run? Just open the program, click on the Logs tab, open the recent one, and copy/paste the contents here.

    Also, can you do the following for me:


    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    ---

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    Regards

    eddie
     
  5. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    Malwarebytes' Anti-Malware 1.33
    Database version: 1736
    Windows 5.1.2600 Service Pack 2

    2/7/2009 9:34:48 AM
    mbam-log-2009-02-07 (09-34-48).txt

    Scan type: Quick Scan
    Objects scanned: 67482
    Time elapsed: 19 minute(s), 4 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 31
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 7
    Files Infected: 10

    Memory Processes Infected:
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MsAntispyware) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Program Files\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090207090937614.log (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090207084954582.log (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
    C:\Program Files\bfgtoolbar\bfgtoolbar.dll_0_ (Adware.OneToolBar) -> Quarantined and deleted successfully.
    C:\Program Files\bfgtoolbar\install.ico (Adware.OneToolBar) -> Quarantined and deleted successfully.
    C:\Program Files\bfgtoolbar\toolbar.ini (Adware.OneToolBar) -> Quarantined and deleted successfully.
    C:\Program Files\bfgtoolbar\uninstall.exe (Adware.OneToolBar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\perce.jpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    ..................................................................................................
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/03/2012 at 09:36 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8096
    Trace Rules Database Version: 5908

    Scan type : Complete Scan
    Total Scan Time : 03:09:02

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 488
    Memory threats detected : 0
    Registry items scanned : 36912
    Registry threats detected : 9
    File items scanned : 134741
    File threats detected : 8

    Adware.MyWebSearch/FunWebProducts
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
    ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS42.ZIP )/F3PSSAVR.SCR
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS42.ZIP
    ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH73.ZIP )/BAR/1.BIN/F3PSSAVR.SCR
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH73.ZIP

    Adware.MyWebSearch
    ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH1.ZIP )/MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH1.ZIP

    Adware.Tracking Cookie
    cdn5.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CDD3YTTH ]
    cdnx.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CDD3YTTH ]
     
  6. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    OTL logfile created on: 1/5/2012 9:57:05 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.48 Mb Total Physical Memory | 184.79 Mb Available Physical Memory | 41.39% Memory free
    1.02 Gb Paging File | 0.60 Gb Available in Paging File | 59.09% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.16 Gb Total Space | 28.97 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
    Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.32% Space Free | Partition Type: FAT32
    Drive F: | 74.53 Gb Total Space | 37.30 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

    Computer Name: HOMECOMPUTER | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/04 17:38:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2011/11/29 17:20:15 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/16 17:03:25 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2005/03/11 17:33:28 | 000,147,456 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
    PRC - [2005/03/08 03:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2003/12/09 11:17:00 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
    MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
    MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
    MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
    MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
    MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
    MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
    MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/02/04 23:53:55 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\sse1ml3.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Auto | Stopped] -- -- (PrismXL)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Running] -- -- (GEARAspiWDM)
    DRV - [2011/11/29 14:30:56 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2011/10/18 02:43:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    DRV - [2011/10/18 02:43:42 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
    DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/10/09 21:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btblan.sys -- (LeapFrog-USBLAN)
    DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/02/04 04:20:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
    DRV - [2005/11/27 15:44:56 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2004/11/15 17:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/06/17 14:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 14:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 14:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2003/12/09 11:16:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2003/12/09 11:16:00 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/01/28 23:29:34 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2003/01/10 13:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/12/27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2001/08/17 12:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
    FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.449
    FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.449
    FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.449


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/11/29 15:16:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/11/29 15:16:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2011/11/29 15:16:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 13:07:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/06 15:09:46 | 000,000,000 | ---D | M]

    [2009/02/25 19:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2012/01/03 17:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\extensions
    [2011/10/11 19:21:31 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/05/14 16:53:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/11/07 09:24:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/02/07 19:28:09 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\searchplugins\siteadvisor.xml
    [2012/01/03 17:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2006/07/20 18:02:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/07/31 15:22:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/11/29 14:35:02 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
    [2011/11/29 14:34:56 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
    [2010/07/31 15:21:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/11/29 15:16:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
    [2011/11/29 15:16:21 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
    [2011/11/29 15:16:22 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
    [2010/07/31 15:21:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
    O4 - HKCU..\Run: [EPSON NX510 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
    O8 - Extra context menu item: &Search - ?p=ZUxdm265YYCA File not found
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm File not found
    O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm File not found
    O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm File not found
    O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll File not found
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Key error.)
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BCA9958-8032-4C8B-884E-231CF8DE0E38}: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Filter\text/html - No CLSID value found
    O20 - AppInit_DLLs: (NVDESK32.DLL) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O29 - HKLM SecurityProviders - (zwebauth.dll) -C:\WINDOWS\System32\ZWebAuth.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/26 10:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
    O32 - AutoRun File - [2003/05/23 09:19:12 | 000,000,000 | RHS- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{0139f1c3-0909-11da-ad6b-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{0139f1c3-0909-11da-ad6b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0139f1c3-0909-11da-ad6b-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    O33 - MountPoints2\{45a99c35-0aaa-11da-92d3-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{45a99c35-0aaa-11da-92d3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45a99c35-0aaa-11da-92d3-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/03 18:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    [2012/01/03 18:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/01/03 18:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/01/03 18:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/01/01 16:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Philipp Winterberg
    [2012/01/01 16:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free RAR Extract Frog
    [2012/01/01 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
    [2012/01/01 14:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
    [2012/01/01 14:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2012/01/01 14:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
    [2012/01/01 14:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/01/01 12:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CAM UnZip
    [2012/01/01 12:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CAM Development
    [2012/01/01 12:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\CAM Development
    [2011/12/25 09:32:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/12/25 09:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/12/25 09:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2011/12/25 09:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
    [2011/12/11 16:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/12/11 16:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
    [2011/12/08 18:48:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2007/08/27 23:48:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2005/12/02 21:58:35 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/04 17:41:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/04 06:54:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/04 06:53:13 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/04 06:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/03 18:04:29 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/01 16:24:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
    [2012/01/01 14:39:51 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2012/01/01 14:39:51 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2012/01/01 14:12:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2012/01/01 12:24:55 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CAM UnZip.lnk
    [2011/12/22 09:24:56 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/12/21 10:07:42 | 000,007,245 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wilbur.jpg
    [2011/12/21 10:07:32 | 000,008,857 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shredder.jpg
    [2011/12/21 10:07:19 | 000,006,729 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Daisy.jpg
    [2011/12/15 03:33:12 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/15 03:15:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/04 17:41:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/03 18:04:29 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/01/01 16:24:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free RAR Extract Frog.lnk
    [2012/01/01 14:39:51 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2012/01/01 14:39:51 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2012/01/01 12:24:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CAM UnZip.lnk
    [2011/12/21 10:07:42 | 000,007,245 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wilbur.jpg
    [2011/12/21 10:07:32 | 000,008,857 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shredder.jpg
    [2011/12/21 10:07:17 | 000,006,729 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Daisy.jpg
    [2011/12/15 03:02:58 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/12/11 16:43:47 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
    [2011/11/29 14:40:44 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\WebpageIcons.db
    [2011/11/29 14:35:12 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/11/29 14:35:12 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
    [2010/12/31 10:02:56 | 000,119,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/02 14:53:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2010/07/31 16:10:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/12/09 03:21:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2009/12/06 13:04:57 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2009/12/02 16:09:58 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2009/12/02 16:09:58 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2009/12/02 16:09:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/12/02 16:09:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2009/12/02 16:09:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2009/12/02 16:09:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2009/12/02 16:09:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2009/12/02 16:09:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2009/12/02 16:09:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2009/12/02 16:09:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2009/12/02 16:09:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2009/12/02 16:09:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2009/12/02 16:09:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2009/12/02 16:09:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2009/12/02 16:09:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2009/12/02 16:09:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2009/12/02 16:04:59 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EPNX510.ini
    [2009/12/01 17:51:05 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
    [2009/12/01 17:51:01 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2009/12/01 17:49:12 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2009/12/01 17:47:45 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sse1ml3.dll
    [2009/12/01 17:46:37 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
    [2009/12/01 17:43:20 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
    [2009/12/01 17:43:20 | 000,087,040 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
    [2009/12/01 17:43:19 | 000,265,216 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
    [2009/12/01 17:43:19 | 000,139,776 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
    [2009/12/01 17:43:19 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
    [2009/11/08 16:45:56 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
    [2009/09/19 16:59:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/02/07 17:02:08 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/06/15 19:25:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2008/02/01 17:25:42 | 000,000,168 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2007/08/27 23:48:10 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
    [2007/08/27 23:48:10 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2007/08/27 23:48:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2007/06/17 18:51:38 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p2now.sys
    [2007/04/10 21:57:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/07/20 18:05:32 | 000,000,571 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/20 18:02:10 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/06/21 02:43:08 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
    [2006/06/21 02:43:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/06/21 02:33:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/06/11 20:35:32 | 000,000,669 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2006/05/08 21:12:30 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
    [2006/04/19 20:12:00 | 000,000,410 | ---- | C] () -- C:\WINDOWS\oziexp.ini
    [2005/12/16 17:05:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/12/09 12:51:31 | 000,000,507 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2005/12/08 19:10:45 | 000,020,480 | R--- | C] () -- C:\WINDOWS\ANVUNIS.exe
    [2005/12/08 19:10:45 | 000,000,618 | R--- | C] () -- C:\WINDOWS\Anvshell.ini
    [2005/11/28 20:35:43 | 000,000,360 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/11/09 18:19:38 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/10/26 10:46:24 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/10/24 22:10:50 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
    [2005/10/24 21:12:28 | 000,004,736 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    [2005/10/24 20:48:35 | 003,670,016 | ---- | C] () -- C:\Program Files\Aron Tippin - A Little Dust On The Bottle.mp3
    [2005/10/24 11:34:25 | 000,000,140 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2005/10/24 10:21:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/08/09 14:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/08/09 14:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/08/27 02:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/27 01:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2004/08/26 10:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/26 10:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/26 08:12:43 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/08/26 08:12:43 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2004/08/26 08:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/26 08:12:10 | 000,444,806 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/26 08:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/26 08:12:10 | 000,072,698 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/26 08:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/26 08:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/26 08:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/26 08:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/26 08:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/26 08:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/26 08:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/26 08:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/26 02:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/26 02:54:01 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/01/01 16:19:31 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2004/01/01 16:19:29 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/01/01 16:19:29 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2004/01/01 16:15:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/01/01 16:12:18 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
    [2004/01/01 16:10:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [1997/06/13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2010/08/19 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/01/21 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2006/06/11 20:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2012/01/01 12:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Development
    [2009/12/02 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/03/30 17:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
    [2011/12/25 09:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2009/07/07 19:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/12/09 15:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/03/25 15:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2011/10/20 17:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2009/07/23 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/10/23 06:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/11/08 18:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/10/17 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/10/20 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
    [2010/07/31 16:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
    [2009/12/03 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
    [2011/10/11 19:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
    [2005/12/28 14:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OLYMPUS
    [2008/11/29 15:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2012/01/01 16:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Philipp Winterberg
    [2010/12/24 21:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
    [2004/01/01 16:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2011/02/14 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shareaza
    [2007/01/14 15:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SlySoft
    [2005/10/24 21:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2011/12/11 16:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tixati
    [2007/10/23 06:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
    [2010/08/19 17:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AAABE72
    @Alternate Data Stream - 16 bytes -> C:\Program Files\My Shared Folder:Shareaza.GUID
    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner\My Documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0127DBDE
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F63F0A1E

    < End of report >
     
  7. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    OTL Extras logfile created on: 1/5/2012 9:57:05 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.48 Mb Total Physical Memory | 184.79 Mb Available Physical Memory | 41.39% Memory free
    1.02 Gb Paging File | 0.60 Gb Available in Paging File | 59.09% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.16 Gb Total Space | 28.97 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
    Drive D: | 3.98 Gb Total Space | 2.72 Gb Free Space | 68.32% Space Free | Partition Type: FAT32
    Drive F: | 74.53 Gb Total Space | 37.30 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

    Computer Name: HOMECOMPUTER | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\Program Files\MSN Messenger\msnmsgr.exe" = F:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
    "C:\SIERRA\THunt4\TH4.exe" = C:\SIERRA\THunt4\TH4.exe:*:Enabled:TH4
    "C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa
    "C:\Program Files\ASUS\ASUS GameFace\GameFace.exe" = C:\Program Files\ASUS\ASUS GameFace\GameFace.exe:*:Disabled:ASUS GameFace
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\1073002513\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1073002513\EE\AOLServiceHost.exe:*:Disabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon
    "F:\Program Files\Ares\Ares.exe" = F:\Program Files\Ares\Ares.exe:*:Disabled:Ares
    "C:\Program Files\steam\steamapps\[email protected]\team fortress classic\hl.exe" = C:\Program Files\steam\steamapps\[email protected]\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher
    "C:\Program Files\steam\steamapps\[email protected]\opposing force\hl.exe" = C:\Program Files\steam\steamapps\[email protected]\opposing force\hl.exe:*:Enabled:Half-Life Launcher
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service -- (Cisco Systems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "America Online us" = America Online (Choose which version to remove)
    "AnyDVD" = AnyDVD
    "AviSynth" = AviSynth 2.5
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
    "CUZ4_is1" = CAM UnZip 4.5
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDXCopyXpress" = DVDXCopy Xpress 2.0.1
    "EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Indeo® software" = Indeo® software
    "InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "Network MagicUninstall" = Network Magic
    "Network Play System (Patching)" = Network Play System (Patching)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "RealPlayer 6.0" = RealPlayer
    "tixati" = Tixati
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/19/2011 6:11:27 PM | Computer Name = HOMECOMPUTER | Source = Application Error | ID = 1000
    Description = Faulting application winamp.exe, version 5.5.1.1763, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x0001240b.

    Error - 8/22/2011 4:43:57 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/22/2011 5:55:52 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/22/2011 5:57:13 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/23/2011 6:04:22 PM | Computer Name = HOMECOMPUTER | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/23/2011 6:04:22 PM | Computer Name = HOMECOMPUTER | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 9/8/2011 2:36:40 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/17/2011 9:24:25 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/17/2011 10:12:01 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application nero.exe, version 6.6.0.13, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/24/2011 11:28:27 PM | Computer Name = HOMECOMPUTER | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3828, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 1/6/2012 1:52:40 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 1:52:41 AM | Computer Name = HOMECOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 1/6/2012 2:05:35 AM | Computer Name = HOMECOMPUTER | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 1/6/2012 2:05:35 AM | Computer Name = HOMECOMPUTER | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 1/6/2012 2:05:35 AM | Computer Name = HOMECOMPUTER | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.


    < End of report >
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,203
    Thanks :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      SRV - File not found [Auto | Stopped] -- -- (PrismXL)
      SRV - File not found [Disabled | Stopped] -- -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
      DRV - File not found [Kernel | Disabled | Running] -- -- (GEARAspiWDM)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
      O8 - Extra context menu item: &Search - ?p=ZUxdm265YYCA File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm File not found
      O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm File not found
      O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm File not found
      O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll File not found
      O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/Activ...veLauncher.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Key error.)
      O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
      O18 - Protocol\Filter\text/html - No CLSID value found
      O20 - AppInit_DLLs: (NVDESK32.DLL) - File not found
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2005/10/26 10:46:24 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/10/23 06:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/10/23 06:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AAABE72
      @Alternate Data Stream - 16 bytes -> C:\Program Files\My Shared Folder:Shareaza.GUID
      @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Owner\My Documents\Shareaza Downloads:Shareaza.GUID
      @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0127DBDE
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2
      @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
      @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F63F0A1E
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    --------------------------------

    And then can you do the following:

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  9. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    All processes killed
    ========== OTL ==========
    Service RoxLiveShare9 stopped successfully!
    Service RoxLiveShare9 deleted successfully!
    Service PrismXL stopped successfully!
    Service PrismXL deleted successfully!
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    Error: Unable to stop service GEARAspiWDM!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GEARAspiWDM deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
    C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{089FD14D-132B-48FC-8861-0048AE113215}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Capture Selection\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save as HTML\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Save Selected Text\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\SmarThru4 Web Capture\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
    Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
    Starting removal of ActiveX control {3A7FE611-1994-4EF1-A09F-99456752289D}
    C:\WINDOWS\Downloaded Program Files\ActiveLauncherCabSetup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3A7FE611-1994-4EF1-A09F-99456752289D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\Program Files\WebEx\ieatgpc.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E5D419D6-A846-4514-9FAD-97E826C84822}
    C:\WINDOWS\Downloaded Program Files\heartbeat.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E5D419D6-A846-4514-9FAD-97E826C84822}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D419D6-A846-4514-9FAD-97E826C84822}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:NVDESK32.DLL deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\002845_.tmp deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AAABE72 deleted successfully.
    ADS C:\Program Files\My Shared Folder:Shareaza.GUID deleted successfully.
    Unable to delete ADS C:\Documents and Settings\Owner\My Documents\Shareaza Downloads:Shareaza.GUID .
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0127DBDE deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:F63F0A1E deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 2053861 bytes
    ->Temporary Internet Files folder emptied: 5222593 bytes
    ->Flash cache emptied: 300 bytes

    User: NetworkService
    ->Temp folder emptied: 989880 bytes
    ->Temporary Internet Files folder emptied: 3123354 bytes

    User: Owner
    ->Temp folder emptied: 812095 bytes
    ->Temporary Internet Files folder emptied: 800784 bytes
    ->Java cache emptied: 22987063 bytes
    ->FireFox cache emptied: 30277589 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1978909 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96694 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 156356051 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33989 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 214.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 01072012_123836

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\QB2X03CL\click,jPQxAM9yAwArDQcAxkACAAAAEAAAAAIAAQABFQIABgInrAMAQ5MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc.0kYAAAAA,,http%3A%2F%2Fwww[1].php%3Fpage%3D1%26id%3D503045393,;ord=[timestamp] not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\O18RSVGV\CAY9T876.ca%2Fsearch%3Fhl%3Den%26q%3Dhealthy%2Bsex%2Blife%2Bwith%2Bhpv%26meta%3D&cc=41&flash=8&u_h=768&u_w=1024&u_ah=734&u_aw=1024&u_cd=32&u_tz=-420&u_his=2&u_java=true not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\58TKPZMA\PagePos=1&adtype=BASEBOARD&show=BT&topic1=RECIPE_CONTENT&ingredient=BEEF&ingredient=PORK&interest=INTERMEDIATE&mealpart=LUNCH&mealpart=MAIN_DISH&cuisine=AMERICAN_GENERAL&se[1] not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\05MRSD2V\adtype=LEADERBOARD&adsize=468x60&PagePos=1&category=RECIPES&site=FOOD&tile=33196223779936&ord=7911771571&pagetype=RECIPE&uniqueid=FOOD_RECIPE_34333_1&SECTION_ID=9936[1] not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\05MRSD2V\PagePos=5&show=BT&topic1=RECIPE_CONTENT&ingredient=BEEF&ingredient=PORK&interest=INTERMEDIATE&mealpart=LUNCH&mealpart=MAIN_DISH&cuisine=AMERICAN_GENERAL&season=FALL&season=[1] not found!
    C:\WINDOWS\temp\kls966A.tmp moved successfully.

    Registry entries deleted on Reboot...
     
  10. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    ComboFix 12-01-07.02 - Owner 01/07/2012 13:17:03.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.161 [GMT -8:00]
    Running from: c:\documents and settings\Owner\Desktop\username123.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner\Application Data\inst.exe
    c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
    c:\documents and settings\Owner\WINDOWS
    c:\windows\alcrmv.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\init32.exe
    c:\windows\system32\spool\prtprocs\w32x86\sse1mpc.dll
    D:\Autorun.inf
    F:\install.exe
    .
    Infected copy of c:\windows\system32\imm32.dll was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-07 20:38 . 2012-01-07 20:38 -------- d-----w- C:\_OTL
    2012-01-04 02:08 . 2012-01-04 02:08 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2012-01-04 02:03 . 2012-01-04 02:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-04 02:03 . 2012-01-04 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-01-02 00:24 . 2012-01-02 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Philipp Winterberg
    2012-01-02 00:24 . 2012-01-02 00:24 -------- d-----w- c:\program files\Free RAR Extract Frog
    2012-01-01 22:39 . 2012-01-01 22:39 1409 ----a-w- c:\windows\QTFont.for
    2012-01-01 22:33 . 2012-01-01 22:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2012-01-01 22:33 . 2012-01-01 22:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
    2012-01-01 22:26 . 2012-01-01 22:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
    2012-01-01 22:22 . 2012-01-06 05:50 -------- d-----w- c:\program files\Common Files\Apple
    2012-01-01 20:24 . 2012-01-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CAM Development
    2012-01-01 20:24 . 2012-01-01 20:24 -------- d-----w- c:\program files\CAM Development
    2011-12-25 17:08 . 2011-12-25 17:08 -------- d-----w- c:\program files\DIFX
    2011-12-25 17:04 . 2011-12-25 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
    2011-12-25 17:04 . 2011-12-25 17:37 -------- d-----w- c:\program files\LeapFrog
    2011-12-12 00:43 . 2011-12-12 00:43 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-12-12 00:43 . 2011-12-12 00:43 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 23:24 . 2009-02-08 18:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:25 . 2004-08-26 16:12 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-26 16:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2004-08-26 16:12 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-26 16:11 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:33 . 2004-08-26 16:12 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-04 05:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-18 10:43 . 2011-10-18 10:43 78136 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2011-10-18 10:43 . 2011-10-18 10:43 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2005-12-03 05:58 . 2005-12-03 05:58 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
    "SoundMan"="SOUNDMAN.EXE" [2003-12-09 67584]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "VTTimer"="VTTimer.exe" [2005-03-08 53248]
    "VTTrayp"="VTtrayp.exe" [2005-03-12 147456]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-17 180269]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2011-11-30 472112]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-2 113664]
    DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2009-11-20 06:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-04-15 00:56 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
    2005-07-19 19:14 57344 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-11-15 23:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2007-12-20 15:16 37376 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 7:51 PM 136176]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/18/2011 2:43 AM 78136]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2012 7:51 PM 136176]
    S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [10/9/2009 9:23 PM 33792]
    S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/5/2003 11:20 AM 47360]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/13/2011 2:21 AM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [5/13/2011 2:21 AM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [5/13/2011 2:21 AM 136808]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/18/2011 2:43 AM 181432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 03:51]
    .
    2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-07 03:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    TCP: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wxplgi6z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: [email protected]_bak2 - c:\program files\Mozilla Firefox\extensions\[email protected]_bak2
    FF - Ext: Kaspersky URL Advisor: [email protected]_bak2 - c:\program files\Mozilla Firefox\extensions\[email protected]_bak2
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Kaspersky Virtual Keyboard: [email protected] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
    FF - Ext: Anti-Banner: [email protected] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-07 13:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(820)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(4000)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\VTTimer.exe
    c:\windows\system32\VTtrayp.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-07 13:49:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-07 21:49
    .
    Pre-Run: 31,941,025,792 bytes free
    Post-Run: 31,882,776,576 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9BE0CFF6393CBCAC62364884E0DF04E1
     
  11. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    thank you very much for your time and helping me and the computer is coming along piece by piece getting faster and smoother
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,203
    No problem, I like to help :)


    Okay, lets update your Java, as its out of date:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Now, go here and download the latest Java Version.


    ----------

    Then, can you uninstall this via AddRemove Programs in the Control Panel, if there:


    ViewpointMediaPlayer
    MS AntiSpyware 2009


    ----------
    Then, can you do this so we can see if any remnamts are left:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :reg
      HKLM\SOFTWARE\Classes\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC} /sub
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D} /sub
      HKLM\SOFTWARE\Classes\XML.XML /sub
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX /sub
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} /sub
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} /sub
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} /sub
      HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
      HKEY_CURRENT_USER\Software\Malware Defense
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments /sub
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /sub
      HKEY_LOCAL_MACHINE\Software\ Win32.Mebroot.J
      HKEY_LOCAL_MACHINE\Software\Win32.Mebroot.J
      :filefind
      *msxml71.dll
      *setupapp7070010000.exe
      *antispy.exe
      :dir
      :folderfind
      *.Mebroot
      :file
      C:\WINDOWS\System32\HotlineClient.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found at on your Desktop entitled SystemLook.txt


    -----------

    Then, can you run a scan with AVP as follows:


    Save these instructions so you can have access to them while in Safe Mode.

    Please click here to download AVP Tool by Kaspersky.
    • Save it to your desktop.
    • Reboot your computer into SafeMode.
      You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
      Use your up arrow key to highlight SafeMode then hit enter
      .
    • Double click the setup file to run it.
    • Click Next to continue.
    • Accept the Licence agreement and click on next
    • It will by default install it to your desktop folder.Click Next.
    • It will then open a box There will be a tab that says Automatic scan.
    • Under Automatic scan make sure these are checked.

    • [*]Hidden Startup Objects
      [*]System Memory
      [*]Disk Boot Sectors.
      [*]My Computer.
      [*]Also any other drives (Removable that you may have)

    Leave the rest of the settings as they appear as default.

    • Then click on Scan at the to right hand Corner.
    • It will automatically Neutralize any objects found.
    • If some objects are left un-neutralized then click the button that says Neutralize all
    • If it says it cannot be Neutralized then chooose The delete option when prompted.
    • After that is done click on the reports button at the bottom and save it to file name it Kas.
    • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

      Note: This tool will self uninstall when you close it so please save the log before closing it.




    ------------

    eddie
     
  13. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:34 on 13/01/2012 by Owner
    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC}]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XML.XML]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C}]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}]
    (Unable to open key - key not found)

    [HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt]
    (Unable to open key - key not found)

    [HKEY_CURRENT_USER\Software\Malware Defense]
    (Unable to open key - key not found)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    (Unable to open key - key not found)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"=""C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler"
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"


    [HKEY_LOCAL_MACHINE\Software\ Win32.Mebroot.J]
    (Unable to open key - key not found)

    [HKEY_LOCAL_MACHINE\Software\Win32.Mebroot.J]
    (Unable to open key - key not found)

    ========== filefind ==========

    Searching for "*msxml71.dll"
    No files found.

    Searching for "*setupapp7070010000.exe"
    No files found.

    Searching for "*antispy.exe"
    No files found.
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,203
    Hmmm, none there which is good :)

    Okay, if you can run the AVP tool, that would be great
     
  15. dexter123

    dexter123 Thread Starter

    Joined:
    Dec 11, 2011
    Messages:
    18
    Status: Deleted (events: 6)
    1/14/2012 8:34:45 AM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\Documents and Settings\Rob Reade\Desktop\stuff\cd-client-4_18_1-en.exe High
    1/14/2012 8:34:45 AM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\Documents and Settings\Rob Reade\Desktop\stuff\cd-client-4_18_1-en.exe//UPX High
    1/14/2012 8:34:45 AM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\Documents and Settings\Rob Reade\Desktop\stuff\cd-client-4_18_1-en.exe//UPX//data0002 High
    1/14/2012 12:09:11 PM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2233\A0187522.exe High
    1/14/2012 12:09:11 PM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2233\A0187522.exe//UPX High
    1/14/2012 12:09:11 PM Deleted Trojan program Trojan-GameThief.Win32.OnLineGames.xvcr F:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2233\A0187522.exe//UPX//data0002 High
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1031696

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice