
Trojan-Clicker.Win32.Wistler.a

Discussion in 'Virus & Other Malware Removal' started by thescarecrow, Dec 22, 2010.

    thescarecrow (Thread Starter)

    Joined: Dec 22, 2010
    Messages: 4
    Hello everyone. I've been a big fan of the forum for a long time and I decided to join because I have this nasty trojan that is starting to worry me. When I was running my Kaspersky scan the infamous Trojan-Clicker.Win32.Wistler.a came up, and the option to "remove" the trojan, by rebooting and letting Kaspersky do all the work, didn't do anything because it still pops up saying that I have the damn thing. Here are my logs. Thank you.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:28:16 PM, on 12/22/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC2F9BFA-A064-4E89-9632-8B69002C1745}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11657 bytes



    DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
    Run by Julio at 18:29:40.57 on Wed 12/22/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4627 [GMT -5:00]

    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\calc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Julio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Julio\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [<NO NAME>]
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    TCP: {FC2F9BFA-A064-4E89-9632-8B69002C1745} = 208.67.222.222,208.67.220.220
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    mRun-x64: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\eidxpnyc.default\
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Julio\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-26 55280]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-5 349800]
    S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-1 98208]
    S2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-3-17 19432]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-4-18 72216]
    S2 nlscc;Nalpeiron X64 Service;C:\Windows\System32\nlsInterface.exe [2010-3-11 72192]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    S3 NMRKUSBA;Numark USB2 WDM;C:\Windows\System32\drivers\nmrkusba.sys [2010-4-22 45568]
    S3 NMRKUSBU;Numark USB2 driver;C:\Windows\System32\drivers\nmrkusbu.sys [2010-4-21 430592]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-6-16 246376]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-16 50176]
    S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-28 1255736]

    =============== Created Last 30 ================

    2010-12-22 21:19:17 -------- d-----w- C:\Users\Julio\AppData\Local\{182EBA7E-6932-46BC-9932-A1BD1112A49C}
    2010-12-22 21:17:42 -------- d-----w- C:\Windows\en
    2010-12-22 21:16:19 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-12-22 21:13:07 17816 ----a-w- C:\PROGRA~3\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-12-22 21:11:59 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2010-12-22 21:11:59 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2010-12-22 21:11:57 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2010-12-22 21:10:43 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2010-12-22 21:10:43 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2010-12-22 21:09:20 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
    2010-12-22 21:09:20 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
    2010-12-22 21:09:20 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
    2010-12-22 21:09:20 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
    2010-12-22 21:08:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\68362dbf1cba21c06\DSETUP.dll
    2010-12-22 21:08:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\68362dbf1cba21c06\DXSETUP.exe
    2010-12-22 21:08:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\68362dbf1cba21c06\dsetup32.dll
    2010-12-22 21:08:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\643074eb1cba21c05\DXSETUP.exe
    2010-12-22 21:08:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\643074eb1cba21c05\dsetup32.dll
    2010-12-22 21:08:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\643074eb1cba21c05\DSETUP.dll
    2010-12-22 21:05:26 -------- d-----w- C:\Users\Julio\AppData\Local\Windows Live
    2010-12-22 21:02:18 -------- d-----w- C:\Users\Julio\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-12-22 20:59:15 -------- d-----w- C:\Users\Julio\AppData\Roaming\PACE Anti-Piracy
    2010-12-22 20:59:15 -------- d-----w- C:\Users\Julio\AppData\Local\PACE Anti-Piracy
    2010-12-21 07:54:05 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{675FA7D4-828F-47A1-A2D2-8356F67EAE4F}\mpengine.dll
    2010-12-20 19:37:55 109240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\abhelperxpcom.dll
    2010-12-20 19:37:52 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\kavlinkfilter.dll
    2010-12-20 19:36:02 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2010-12-20 19:36:01 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
    2010-12-20 19:33:54 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
    2010-12-20 19:23:38 -------- d-----w- C:\PROGRA~3\Comodo Downloader
    2010-12-18 20:22:00 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-12-18 20:21:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    2010-12-18 20:21:26 -------- d-----w- C:\Windows\SysWow64\xlive
    2010-12-18 20:21:20 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2010-12-18 17:50:08 -------- d-----w- C:\Users\Julio\AppData\Roaming\FreeArc
    2010-12-18 17:49:58 -------- d-----w- C:\Program Files (x86)\FreeArc
    2010-12-15 19:09:59 -------- d-----w- C:\Users\Julio\AppData\Roaming\eBookPro6
    2010-12-11 20:27:53 -------- d-----w- C:\Program Files (x86)\The KMPlayer
    2010-12-04 18:28:23 -------- d-----w- C:\Fraps
    2010-12-01 07:35:09 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2010-12-01 07:26:48 1251944 ----a-w- C:\Windows\RtlExUpd.dll
    2010-11-29 00:55:01 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
    2010-11-29 00:55:01 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
    2010-11-29 00:55:01 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
    2010-11-29 00:55:01 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
    2010-11-29 00:55:01 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
    2010-11-29 00:55:01 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
    2010-11-29 00:55:01 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
    2010-11-29 00:49:10 99384 ----a-w- C:\Users\Julio\AppData\Roaming\inst.exe
    2010-11-29 00:49:10 82816 ----a-w- C:\Users\Julio\AppData\Roaming\pcouffin.sys
    2010-11-28 23:47:20 -------- d-----w- C:\Users\Julio\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2010-11-28 06:22:44 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
    2010-11-28 06:01:17 2870272 ----a-w- C:\Windows\explorer.exe
    2010-11-28 05:41:49 -------- d-----w- C:\Users\Julio\AppData\Local\Korbin_Bickel
    2010-11-28 04:47:10 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
    2010-11-28 04:47:08 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
    2010-11-28 04:47:05 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
    2010-11-25 00:04:31 -------- d-----w- C:\Program Files (x86)\Digieffects
    2010-11-24 14:41:14 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 14:41:14 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-24 04:25:47 -------- d-----w- C:\Users\Julio\AppData\Local\VMware

    ==================== Find3M ====================

    2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-19 03:02:31 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-12-19 03:02:31 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-12-19 03:00:54 268560 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2010-12-01 06:06:37 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-11-28 06:22:39 1490363 ----a-w- C:\Windows\cursors\uninstall.exe
    2010-11-20 16:26:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-10 07:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-11-10 07:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-11-07 19:11:51 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-03 00:33:34 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2010-11-03 00:33:22 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2010-11-03 00:33:22 2096232 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2010-11-03 00:33:10 2536040 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2010-11-03 00:33:00 618600 ----a-w- C:\Windows\System32\RtkApi64.dll
    2010-11-03 00:33:00 2654824 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2010-11-03 00:33:00 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
    2010-11-03 00:32:48 82024 ----a-w- C:\Windows\System32\RCoInst64.dll
    2010-11-03 00:32:48 1242728 ----a-w- C:\Windows\System32\RTCOM64.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-29 10:54:49 160021 ----a-w- C:\Windows\FontDoctor For Windows Uninstaller.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-26 18:03:04 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
    2010-10-25 19:24:43 2 --shatr- C:\Windows\winstart.bat
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-18 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2010-10-16 18:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
    2010-10-16 18:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-10-16 18:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
    2010-10-16 18:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2010-10-08 06:20:26 1881704 ----a-w- C:\Windows\System32\nvsvcr.dll
    2010-10-06 01:27:52 233656 ----a-w- C:\Windows\System32\klogon.dll
    2010-10-05 03:02:56 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2010-09-24 22:13:30 64600 ----a-w- C:\Windows\System32\MBppld64.dll
    2010-09-24 22:13:18 873048 ----a-w- C:\Windows\System32\MBAPO64.dll
    2010-09-24 22:13:14 739416 ----a-w- C:\Windows\SysWow64\MBAPO32.dll

    ============= FINISH: 18:31:40.51 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/23/2009 5:13:57 PM
    System Uptime: 12/22/2010 5:58:42 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0M017G
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2333/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 684 GiB total, 46.954 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 8.578 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Add or Remove Adobe Premiere Pro CS5
    Adobe Acrobat 9 Pro - English, Russian
    Adobe Acrobat 9.4.0 - CPSID_83708
    Adobe After Effects CS4 Third Party Content
    Adobe After Effects CS5
    Adobe After Effects CS5 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Download Manager
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator CS5
    Adobe Media Encoder CS5 Dolby X64
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Premiere Pro CS5 Third Party Royalty Content
    Adobe Reader 9.4.0
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    AIM 7
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Alien Skin Eye Candy 6
    Apple Application Support
    Apple Software Update
    Audacity 1.3.12 (Unicode)
    AutoUpdate
    Battlefield 2142 Deluxe Edition
    Battlefield: Bad Company™ 2
    BFX for Adobe Premiere 6.x
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software Updater
    BlackBerry Device Software v5.0.0 for the BlackBerry 9630 smartphone
    BufferChm
    CDisplay 1.8
    Compatibility Pack for the 2007 Office system
    Connect
    ConvertXtoDVD 4.1.7.343
    Copy
    Core FTP LE 2.1
    D3DX10
    Dead Rising 2
    Destinations
    DeviceDiscovery
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DocProc
    Driver Genius Professional Edition
    EA Download Manager
    EA Download Manager UI
    EVGA Precision 2.0.0
    F300
    F300_Help
    F300Trb
    FairStars Audio Converter 1.76
    Fax
    FileZilla Server (remove only)
    FL Studio v7.0
    FontDoctor For Windows
    Fraps (remove only)
    Free Music Zilla
    FreeArc 0.666
    Game Booster
    Google Chrome
    GPBaseService2
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    i-Sound Recorder Pro 7.01
    ImageShack Uploader 2.2.0
    ImagXpress
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 22
    JDownloader
    K-Lite Mega Codec Pack 6.5.0
    Kaspersky Internet Security 2011
    kuler
    LAME v3.98.2 for Audacity
    Lucis Pro
    Mac OS X Cursors
    Magic Bullet Looks
    Magic FLAC to MP3 Converter 3.7
    Malwarebytes' Anti-Malware
    MarketResearch
    MediaMonkey 3.2
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.4)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Native Instruments Controller Editor
    Native Instruments Service Center
    Native Instruments Traktor
    Native Instruments Traktor DJ Studio 3
    Numark Cue (Atomix Productions)
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    OpenAL
    Photoshop Camera Raw
    PrimoPDF -- brought to you by Nitro PDF Software
    Project64 1.6
    PunkBuster Services
    PxMergeModule
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartWebPrinting
    SolutionCenter
    Status
    Suite Shared Configuration CS4
    System Requirements Lab CYRI
    The KMPlayer (remove only)
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Windows Movie Maker 6.0.6000.16386
    Xara3D6
    Xilisoft Video Converter Ultimate 6

    ==== Event Viewer Messages From Past Week ========

    12/22/2010 6:31:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    12/22/2010 5:59:56 PM, Error: Service Control Manager [7003] - The Server service depends the following service: SamSS. This service might not be installed.
    12/22/2010 5:59:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/22/2010 5:59:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    12/22/2010 5:59:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/22/2010 5:59:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/22/2010 5:59:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/22/2010 5:59:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/22/2010 5:59:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    12/22/2010 5:59:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF spldr Wanarpv6
    12/22/2010 5:59:26 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/22/2010 5:59:26 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/22/2010 4:38:11 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    12/22/2010 3:08:25 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/22/2010 2:04:05 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    12/21/2010 9:36:57 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    12/21/2010 6:42:36 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/20/2010 3:19:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    12/20/2010 3:19:39 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/20/2010 3:13:05 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
    12/20/2010 3:12:43 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: Access is denied.
    12/20/2010 3:12:13 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/20/2010 2:57:50 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    12/18/2010 12:46:21 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/18/2010 10:00:29 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    12/16/2010 9:48:39 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.

    ==== End Of File ===========================


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-22 19:04:51
    Windows 6.1.7600
    Running: yvtinjhr.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x1A 0x11 0x48 0x4E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xCA 0x88 0xD8 0x68 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xD6 0x80 0x13 0xCB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xB0 0xBD 0x29 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x1A 0x11 0x48 0x4E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xCA 0x88 0xD8 0x68 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xD6 0x80 0x13 0xCB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xB0 0xBD 0x29 0x2A ...

    ---- EOF - GMER 1.0.15 ----
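The DDS file listings above ("Created Last 30" and "Find3M") are raw data, so as an added triage example, not code from the original post or from the DDS tool, the following Python parses lines in that format and flags the things a malware helper scans for first: executables under user-writable paths, a driver outside System32\drivers, .backup copies of system DLLs, hidden+system files, and files created in the same second. The sample lines are constructed by copying entries from the log in this thread; the severity labels, the list of user-writable locations and the rule set are this example's own assumptions. A flag is a review item, not a verdict: the pcouffin.sys hit, for instance, carries the name of a driver known to ship with VSO products such as the ConvertXtoDVD listed under Installed Programs, so the rule is reacting to the location, not the name.

```python
"""Triage a DDS file listing ("Created Last 30" / "Find3M" sections).
Added example; each line has the shape
    YYYY-MM-DD HH:MM:SS  <size|-------->  <8 attribute flags>  <path>
with flags d=directory, s=system, h=hidden, a=archive, t=temporary,
r=read-only, w=writable; an unset flag is printed as '-'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: entries copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
2010-11-29 00:49:10 99384 ----a-w- C:\Users\Julio\AppData\Roaming\inst.exe
2010-11-29 00:49:10 82816 ----a-w- C:\Users\Julio\AppData\Roaming\pcouffin.sys
2010-11-28 06:22:44 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2010-11-28 04:47:10 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-25 19:24:43 2 --shatr- C:\Windows\winstart.bat
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-dshatrw]{8})\s+"
    r"(?P<path>.+?)\s*$"
)

# Locations any user can write to; an assumption of this example, extend as needed.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\(?:appdata|downloads|desktop|documents)\\"
    r"|programdata\\|windows\\temp\\|temp\\)",
    re.I,
)
PE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com", ".pif")


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]     # None for directories (DDS prints '--------')
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


@dataclass
class Finding:
    path: str
    severity: str           # "medium" or "info"; labels are this example's own
    reason: str


def parse_dds(text: str) -> List[Entry]:
    """Parse listing lines; section headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["ts"], size, m["attrs"], m["path"]))
    return entries


def triage_entry(e: Entry) -> List[Finding]:
    """Location and attribute rules; a hit is a review item, not a verdict."""
    if e.is_dir:
        return []
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    out = []
    if ext == ".sys" and "\\windows\\system32\\drivers\\" not in p:
        # Drivers normally live under System32\drivers; one staged in a profile
        # directory deserves a look even when the file name is a known vendor's.
        out.append(Finding(e.path, "medium", "kernel driver outside System32\\drivers"))
    elif ext in PE_EXT and USER_WRITABLE.match(p):
        out.append(Finding(e.path, "medium", "executable in a user-writable directory"))
    if name.endswith(".dll.backup") and "\\windows\\system32\\" in p:
        # Theme patchers and similar tools leave these; the live DLL was modified.
        out.append(Finding(e.path, "info", "backup of a system DLL; verify the original with sfc /scannow"))
    if "h" in e.attrs and "s" in e.attrs:
        out.append(Finding(e.path, "medium", "hidden+system attributes on a plain file"))
    return out


def triage(entries: List[Entry]) -> List[Finding]:
    return [f for e in entries for f in triage_entry(e)]


def cotemporal_groups(entries: List[Entry]) -> Dict[str, List[str]]:
    """Files created in the same second: a dropper and its payload often share one."""
    by_ts: Dict[str, List[str]] = {}
    for e in entries:
        if not e.is_dir:
            by_ts.setdefault(e.timestamp, []).append(e.path)
    return {ts: paths for ts, paths in by_ts.items() if len(paths) > 1}
```

Paste a whole DDS log into SAMPLE_LOG (or read it from a file) and iterate over triage(parse_dds(text)) and cotemporal_groups(parse_dds(text)); on the sample, inst.exe and pcouffin.sys are flagged individually and also reported as created in the same second, which is the pairing that makes both worth checking together, while mbam.sys in System32\drivers and the patched Windows DLLs in System32 are left alone.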
     
  2. thescarecrow

    thescarecrow Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    4
    Trying to be patient.
     
  3. thescarecrow

    thescarecrow Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    4
  4. thescarecrow

    thescarecrow Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    4
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    opened by request
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    are you still having the same problem?
     
Short URL to this thread: https://techguy.org/970086