trojan slow computer


ron739

Hi, my name is Ron. Recently had a trojan and now computer seems to run sluggish. Also getting lots of error messages. Have run Malwarebytes. Any help would be appreciated. Thanks in advance. Anyhow, here are the logs requested.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8331

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/12/2011 4:42:13 PM
mbam-log-2011-12-08 (16-42-13).txt

Scan type: Quick scan
Objects scanned: 224200
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\compaq_owner\local settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Sempron(tm) Processor 3400+, x86 Family 15 Model 79 Stepping 2
Processor Count: 1
RAM: 958 Mb
Graphics Card: NVIDIA GeForce 6150 LE, 256 Mb
Hard Drives: C: Total - 139313 MB, Free - 76676 MB; D: Total - 13298 MB, Free - 7431 MB;
Motherboard: ASUSTek Computer INC., NODUSM3
Antivirus: Kaspersky Internet Security, Updated: Yes, On-Demand Scanner: Enabled



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:54 PM, on 8/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ZapShares\ZapSharesProtect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program files\ToolwizCareFree\ToolwizCares.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: ÿþ1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: GhosteryBHO Class - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZapShares] "C:\Program Files\ZapShares\ZapSharesProtect.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ToolwizCareFree] "C:\Program files\ToolwizCareFree\ToolwizCares.exe" -autorun
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269057217187
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: McAfee Application Installer Cleanup (0090971311724515) (0090971311724515mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\009097~1.EXE (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCPitstop Scheduling - Unknown owner - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Unknown owner - C:\Program Files\Secunia\PSI\sua.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16544 bytes





.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Compaq_Owner at 17:56:20 on 2011-12-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.298 [GMT 11:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
AV: Returnil System Safe 2011 *Enabled/Updated* {535A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\WRSA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ZapShares\ZapSharesProtect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program files\ToolwizCareFree\ToolwizCares.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!7
uStart Page = hxxp://au.yahoo.com/
uDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = local;*.local
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: GhosteryBHO Class: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ToolwizCareFree] "c:\program files\toolwizcarefree\ToolwizCares.exe" -autorun
mRun: [ZapShares] "c:\program files\zapshares\ZapSharesProtect.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\pandau~1.lnk - c:\program files\panda usb vaccine\USBVaccine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: Scan link by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269057217187
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{76A44A5B-357E-45D2-85FD-37632C935727} : DhcpNameServer = 15.243.128.51 15.243.160.51
TCP: Interfaces\{81CEAB24-760F-4698-99F8-BF8123F1D549} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\tc4e1d9x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-7-18 28552]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-15 14776]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-7-5 107336]
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-11-29 59096]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-11-20 565552]
R1 ndicql;ndicql;c:\windows\system32\drivers\ndicql.sys [2011-3-14 19712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-27 328536]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-1 54760]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-10 366152]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-5-31 439632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-7-5 637720]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-10-14 225592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-10 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-2-24 272128]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S1 bdftdif_bs;bdftdif_bs;\??\c:\program files\bitdefender\trafficlight\bdftdif.sys --> c:\program files\bitdefender\trafficlight\bdftdif.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 0090971311724515mcinstcleanup;McAfee Application Installer Cleanup (0090971311724515);c:\docume~1\compaq~1\locals~1\temp\009097~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\compaq~1\locals~1\temp\009097~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-10-14 2560]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2010-5-18 53921]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\25.tmp --> c:\windows\system32\25.tmp [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2011-12-07 23:24:16 -------- d-----w- c:\documents and settings\compaq_owner\application data\VoodooShield
2011-12-07 23:24:12 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\VoodooShield
2011-12-04 06:49:25 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\ToolwizCareFree
2011-12-04 06:49:24 -------- d-----w- c:\program files\ToolwizCareFree
2011-12-02 05:28:37 -------- dc-h--w- c:\documents and settings\all users\application data\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}
2011-11-21 08:06:06 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-11-21 08:05:34 -------- d-----w- c:\program files\common files\xing shared
2011-11-21 08:04:57 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-11-21 08:04:17 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-11-20 09:12:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-20 09:12:25 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-20 08:53:08 -------- d-----w- c:\program files\Returnil
2011-11-20 06:04:42 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-11-20 06:04:42 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-11-20 06:04:36 110992 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
2011-11-20 06:04:31 147856 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
2011-11-20 06:02:14 -------- d-----w- c:\program files\Kaspersky Lab
2011-11-20 06:02:13 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-11-15 04:01:05 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
2011-11-15 03:59:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-15 00:23:41 -------- d-----w- c:\program files\common files\Filseclab
.
==================== Find3M ====================
.
2011-12-08 04:54:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-08 04:33:05 141272 ----a-w- c:\windows\system32\WRusr.dll
2011-12-08 04:33:05 107336 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-21 21:56:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 08:03:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-21 08:03:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-26 18:55:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-24 03:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 03:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-04 00:01:30 61440 ----a-w- c:\windows\system32\CleanMem.exe
2011-10-02 15:50:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-02 15:45:22 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 00:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-14 13:58:10 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2004-10-01 05:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 18:00:00.35 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/06/2007 12:19:26 PM
System Uptime: 8/12/2011 5:48:06 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2 | 1803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 74.881 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 7.257 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 19/08/2011 5:01:55 PM - System Checkpoint
RP19: 20/08/2011 5:44:36 PM - Software Distribution Service 3.0
RP20: 24/08/2011 6:16:05 PM - System Checkpoint
RP21: 25/08/2011 5:52:24 AM - Software Distribution Service 3.0
RP22: 26/08/2011 8:34:13 PM - System Checkpoint
RP23: 28/08/2011 12:51:02 PM - System Checkpoint
RP24: 29/08/2011 3:52:31 PM - System Checkpoint
RP25: 30/08/2011 5:11:10 PM - System Checkpoint
RP26: 4/09/2011 9:58:26 AM - before traffic light
RP27: 5/09/2011 4:22:17 PM - System Checkpoint
RP28: 7/09/2011 12:59:38 PM - Software Distribution Service 3.0
RP29: 7/09/2011 4:31:57 PM - Installed Java(TM) 7
RP30: 11/09/2011 3:55:30 PM - System Checkpoint
RP31: 12/09/2011 4:20:49 PM - System Checkpoint
RP32: 14/09/2011 12:02:14 PM - System Checkpoint
RP33: 14/09/2011 12:12:39 PM - Removed ESET Smart Security
RP34: 14/09/2011 1:06:26 PM - Installed ESET Smart Security
RP35: 14/09/2011 1:22:14 PM - Software Distribution Service 3.0
RP36: 14/09/2011 1:58:37 PM - Software Distribution Service 3.0
RP37: 14/09/2011 6:58:24 PM - Installed Browser Guard v3.0
RP38: 14/09/2011 7:00:45 PM - Installed Trend Micro Web Protection Add-On
RP39: 14/09/2011 7:33:50 PM - Removed Trend Micro Web Protection Add-On
RP40: 15/09/2011 2:59:44 PM - Removed HPSU306Stub
RP41: 15/09/2011 2:59:58 PM - Removed HP Software Update
RP42: 15/09/2011 3:00:23 PM - Installed HP Update.
RP43: 15/09/2011 3:07:17 PM - Installed HP Product Assistant
RP44: 15/09/2011 6:19:32 PM - Installed Adobe Shockwave Player 11.6.
RP45: 18/09/2011 3:56:35 PM - Installed G Data CloudSecurity.
RP46: 19/09/2011 7:08:25 AM - before peerblock
RP47: 20/09/2011 2:14:41 PM - System Checkpoint
RP48: 28/09/2011 5:59:50 PM - Software Distribution Service 3.0
RP49: 9/10/2011 3:36:05 PM - System Checkpoint
RP50: 9/10/2011 9:40:26 PM - before kingsoft
RP51: 10/10/2011 1:32:42 PM - before ccleaner
RP52: 10/10/2011 5:34:02 PM - Installed Windows XP KB955704.
RP53: 10/10/2011 5:35:24 PM - Installed Windows XP KB953155.
RP54: 10/10/2011 5:36:42 PM - Installed Windows XP KB932716-v2.
RP55: 10/10/2011 5:37:54 PM - Installed Windows XP KB951830.
RP56: 10/10/2011 7:29:53 PM - before bufferzone
RP57: 10/10/2011 8:07:28 PM - Installed BufferZone
RP58: 12/10/2011 9:30:40 AM - System Checkpoint
RP59: 13/10/2011 5:52:46 PM - Software Distribution Service 3.0
RP60: 14/10/2011 3:43:49 PM - before cleanmem
RP61: 18/10/2011 10:09:16 PM - before panda usb vaccine
RP62: 23/10/2011 6:58:49 PM - Revo Uninstaller's restore point - BitDefender TrafficLight
RP63: 26/10/2011 9:07:05 AM - Installed Java(TM) 7 Update 1
RP64: 26/10/2011 9:16:34 AM - Removed Java(TM) 6 Update 26
RP65: 26/10/2011 9:17:48 AM - Installed Java(TM) 6 Update 29
RP66: 26/10/2011 6:02:26 PM - before bo clean comodo
RP67: 27/10/2011 5:34:53 AM - Removed ESET Smart Security
RP68: 27/10/2011 8:17:48 AM - before zone alarm repair
RP69: 3/11/2011 3:20:37 PM - System Checkpoint
RP70: 6/11/2011 12:22:11 AM - System Checkpoint
RP71: 7/11/2011 10:22:55 PM - Installed Returnil System Safe 2011
RP72: 7/11/2011 10:46:45 PM - IObit Uninstaller restore point
RP73: 7/11/2011 10:53:32 PM - IObit Uninstaller restore point
RP74: 7/11/2011 10:55:04 PM - Removed BufferZone
RP75: 7/11/2011 11:00:10 PM - IObit Uninstaller restore point
RP76: 7/11/2011 11:00:41 PM - Removed Browser Guard v3.0
RP77: 7/11/2011 11:02:13 PM - IObit Uninstaller restore point
RP78: 7/11/2011 11:02:29 PM - Removed G Data CloudSecurity.
RP79: 7/11/2011 11:05:45 PM - IObit Uninstaller restore point
RP80: 7/11/2011 11:19:47 PM - IObit Uninstaller restore point
RP81: 7/11/2011 11:56:01 PM - Removed Returnil System Safe 2011
RP82: 8/11/2011 12:09:33 AM - Installed Returnil System Safe 2011
RP83: 8/11/2011 12:16:12 AM - Installed Returnil System Safe 2011
RP84: 10/11/2011 8:36:46 AM - Software Distribution Service 3.0
RP85: 11/11/2011 6:40:06 AM - Software Distribution Service 3.0
RP86: 14/11/2011 3:47:23 PM - System Checkpoint
RP87: 15/11/2011 11:03:18 AM - before twister av
RP88: 15/11/2011 11:21:30 AM - Installed Twister Anti-TrojanVirus
RP89: 15/11/2011 1:14:26 PM - Revo Uninstaller's restore point - Twister Anti-TrojanVirus
RP90: 15/11/2011 1:15:04 PM - Removed Twister Anti-TrojanVirus
RP91: 16/11/2011 9:23:24 PM - System Checkpoint
RP92: 20/11/2011 12:46:23 PM - Removed Returnil System Safe 2011
RP93: 20/11/2011 12:52:40 PM - Installed Returnil System Safe 2011
RP94: 20/11/2011 1:36:26 PM - Removed Returnil System Safe 2011
RP95: 20/11/2011 5:02:01 PM - Installed Kaspersky Internet Security 2012.
RP96: 20/11/2011 7:53:01 PM - Installed Returnil System Safe 2011
RP97: 20/11/2011 8:11:18 PM - Restore Operation
RP98: 24/11/2011 12:56:43 PM - System Checkpoint
RP99: 26/11/2011 4:17:19 PM - before threat fire
RP100: 6/12/2011 7:02:24 PM - System Checkpoint
RP101: 8/12/2011 10:17:20 AM - before voodoo shield
RP102: 8/12/2011 10:38:28 AM - Revo Uninstaller's restore point - VoodooShield version 0.88 Beta
.
==== Installed Programs ======================
.
6200
6200_Help
6200Trb
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Advanced SystemCare 4
AiO_Scan
AiOSoftware
AntiLogger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bandoo
Belarc Advisor 8.2
Bing Bar
Bonjour
BufferChm
CCleaner
CleanMem
CNET TechTracker
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Director
DocProc
DocumentViewer
ERUNT 1.1j
ESET Online Scanner v3
Fax
FileHippo.com Update Checker
FullDPAppQFolder
Game Booster 3
Ghostery IE Plugin
Glary Utilities 2.35.0.1216
Google Apps
Google Chrome
Google Earth
Google Quick Search Box
Google Talk Plugin
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graboid Video 2.2
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Extended Capabilities 4.7
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPPhotoSmartExpress
HpSdpAppCoreApp
HPSystemDiagnostics
IncrediMail
IncrediMail 2.0
InstantShare
InstantShareAlert
InstantShareDevices
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 1
Junk Mail filter update
Kaspersky Internet Security 2012
KeyScrambler
LightScribe 1.4.105.1
Macro Vibration Joystick
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
Mozilla Thunderbird (3.1.16)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
ooVoo
Opera 11.60
OptionalContentQFolder
Panda USB Vaccine 1.0.1.4
PanoStandAlone
PC Tune-Up
PeerBlock 1.1 (r518)
Photo Notifier and Animation Creator
PhotoGallery
Picasa 3
PKR
PokerStars
ProductContext
QuickTime
RandMap
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 8.0
Revo Uninstaller 1.93
runtime
Scan
ScannerCopy
SeaMonkey (2.5)
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
Skype Click to Call
Skype™ 5.5
SlideShow
SlideShowMusic
Smart Defrag 2
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Picture Utility
Sony USB Driver
Speccy
SUPERAntiSpyware
swMSM
Toolwiz Care
TrayApp
Trend Micro RUBotted 2.0 Beta
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VS10Runtime
WebFldrs XP
WebReg
Webroot SecureAnywhere
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
winpcap-nmap 4.11
WinPcap 4.1.1
WOT for Internet Explorer
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo!7 Toolbar
ZapShares 3.9
.
==== Event Viewer Messages From Past Week ========
.
8/12/2011 5:50:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif_bs Partizan SBRE
8/12/2011 5:36:16 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
8/12/2011 5:35:09 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ==========================


And warning from Kaspersky:



Type: vulnerability (1)
http://redirect.kaspersky.com/?hl=en&target=securelist&rpe=1&function=advisories&VN=46757 Inactive 8/12/2011 2:30:24 PM
Type: legal software that can be used by criminals for damaging your computer or personal data (1)
PDM.Trojan.generic Inactive 8/12/2011 3:33:01 PM




GMER log to follow.
 

ron739

Here is the GMER log.



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-08 21:37:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b ST3160815AS rev.4.CCC
Running: qvmnik6o.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgliafod.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF2C8FFBA]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAllocateVirtualMemory [0xF73F95E0]
SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0xF73F9790]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF2C908B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF2CA9AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF2C90E26]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateFile [0xF2914444]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF2C90D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF2CA9E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xF2C91056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xF2C9121E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF2C8FD76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF2C90F3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF2CAB110]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateThread [0xF2913C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF2CA9ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF2C9153C]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteKey [0xF2914232]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteValueKey [0xF2914104]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeviceIoControlFile [0xF291499E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF2C9253C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF2CA5088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF2CA5A38]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwLoadDriver [0xF2913A7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF2CA4BC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF2CA4E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF2CAB130]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF2CA830A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF2C90EB8]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenFile [0xF291472A]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenKey [0xF29143FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF2C90DA0]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenProcess [0xF2913D6A]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenSection [0xF2913ED0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF2C90FD0]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenThread [0xF2913E1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xF2CAB120]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwProtectVirtualMemory [0xF29148C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF2CA3EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF2CA5698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xF2CA8500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF2C91EC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF2CA5488]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwQueueApcThread [0xF2913CF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF2CA4198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF2CA480C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF2CAA048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF2CA9F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF2CAA0B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF2CA4A14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF2C923DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF2CA433E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xF2CA44D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xF2CA4670]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSecureConnectPort [0xF2914858]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetContextThread [0xF29137AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF2C913E8]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetSystemInformation [0xF2913BD8]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetValueKey [0xF29142FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF2C92104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF2C9223E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF2C9145E]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwTerminateProcess [0xF2913FEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF2C902EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF2C91D78]
SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwWriteVirtualMemory [0xF291369A]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP F2C829F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP F2C82DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 243C 80501C74 12 Bytes [06, 9E, CA, F2, 56, 10, C9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 244C 80501C84 16 Bytes [76, FD, C8, F2, 3E, 0F, C9, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 16 Bytes [98, 41, CA, F2, 0C, 48, CA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 26BC 80501EF4 20 Bytes [DE, 23, C9, F2, 3E, 43, CA, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 271C 80501F54 4 Bytes CALL 9542E86C
.text ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C203A0, 0x5FE082, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DFE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017B40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017BB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DDF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016D60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017C10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017DA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D950 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016D30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017CE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017C80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017D40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DE60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000E020 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DEA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016F50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006ED0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017E70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000E060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006E00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D920 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100172B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017240 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100174C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10017030 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000DA60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017320 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DB80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 100171F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DB20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016FF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000DAA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016C90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100175E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DAE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10017070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100173C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100171A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016B60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100169B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D7A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D860 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016920 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012FF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100176A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017640 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017700 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100177C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10013070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DCF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017A30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10017990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017770 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DD70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DDB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DD30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E140 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E1E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
.text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E180 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
.text C:\program files\real\realplayer\update\realsched.exe[1572] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\Explorer.EXE[1992] SHLWAPI.dll!SHIsLowMemoryMachine + 6E02 77FBDD0B 5 Bytes JMP 10012C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] C:\WINDOWS\system32\cewmdm.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] Free
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] WMDMCESP.WMDMCESP.1
Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] WMDMCESP.WMDMCESP
---- EOF - GMER 1.0.15 ----
 