
trojan slow computer

Discussion in 'Virus & Other Malware Removal' started by ron739, Dec 8, 2011.

    ron739 Thread Starter

    Hi, my name is Ron. Recently had a trojan and now the computer seems to run sluggish. Also getting lots of error messages. Have run Malwarebytes. Any help would be appreciated. Thanks in advance. Anyhow, here are the logs requested.



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8331

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/12/2011 4:42:13 PM
    mbam-log-2011-12-08 (16-42-13).txt

    Scan type: Quick scan
    Objects scanned: 224200
    Time elapsed: 10 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\compaq_owner\local settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.



    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: AMD Sempron(tm) Processor 3400+, x86 Family 15 Model 79 Stepping 2
    Processor Count: 1
    RAM: 958 Mb
    Graphics Card: NVIDIA GeForce 6150 LE, 256 Mb
    Hard Drives: C: Total - 139313 MB, Free - 76676 MB; D: Total - 13298 MB, Free - 7431 MB;
    Motherboard: ASUSTek Computer INC., NODUSM3
    Antivirus: Kaspersky Internet Security, Updated: Yes, On-Demand Scanner: Enabled



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:53:54 PM, on 8/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\ZapShares\ZapSharesProtect.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program files\ToolwizCareFree\ToolwizCares.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!7
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O1 - Hosts: ÿþ1
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: GhosteryBHO Class - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ZapShares] "C:\Program Files\ZapShares\ZapSharesProtect.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ToolwizCareFree] "C:\Program files\ToolwizCareFree\ToolwizCares.exe" -autorun
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269057217187
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: McAfee Application Installer Cleanup (0090971311724515) (0090971311724515mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\009097~1.EXE (file missing)
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCPitstop Scheduling - Unknown owner - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Unknown owner - C:\Program Files\Secunia\PSI\sua.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16544 bytes





    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
    Run by Compaq_Owner at 17:56:20 on 2011-12-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.298 [GMT 11:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    AV: Returnil System Safe 2011 *Enabled/Updated* {535A8864-C2D9-4337-B49A-B5E35815B9BB}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\ZapShares\ZapSharesProtect.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program files\ToolwizCareFree\ToolwizCares.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Windows Internet Explorer provided by Yahoo!7
    uStart Page = hxxp://au.yahoo.com/
    uDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
    mDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
    mStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = local;*.local
    mURLSearchHooks: H - No File
    mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: GhosteryBHO Class: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\compaq_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ToolwizCareFree] "c:\program files\toolwizcarefree\ToolwizCares.exe" -autorun
    mRun: [ZapShares] "c:\program files\zapshares\ZapSharesProtect.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
    StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\pandau~1.lnk - c:\program files\panda usb vaccine\USBVaccine.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
    uPolicies-explorer: NoCommonGroups = 0 (0x0)
    uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    uPolicies-explorer: NoChangeAnimation = 0 (0x0)
    uPolicies-explorer: NoDFSTab = 0 (0x0)
    uPolicies-explorer: NoFileAssociate = 0 (0x0)
    uPolicies-explorer: NoFileUrl = 0 (0x0)
    uPolicies-explorer: NoSMMyPictures = 0 (0x0)
    uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
    IE: Scan link by Dr.Web - http://www.drweb.com/static/online/drweb-online-en.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
    DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269057217187
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
    TCP: Interfaces\{76A44A5B-357E-45D2-85FD-37632C935727} : DhcpNameServer = 15.243.128.51 15.243.160.51
    TCP: Interfaces\{81CEAB24-760F-4698-99F8-BF8123F1D549} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: klogon - c:\windows\system32\klogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\tc4e1d9x.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-7-18 28552]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-15 14776]
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-7-5 107336]
    R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-11-29 59096]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-11-20 565552]
    R1 ndicql;ndicql;c:\windows\system32\drivers\ndicql.sys [2011-3-14 19712]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-27 328536]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-1 54760]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-10 366152]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
    R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-5-31 439632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-7-5 637720]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-10-14 225592]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-10 22216]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-2-24 272128]
    S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
    S1 bdftdif_bs;bdftdif_bs;\??\c:\program files\bitdefender\trafficlight\bdftdif.sys --> c:\program files\bitdefender\trafficlight\bdftdif.sys [?]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 0090971311724515mcinstcleanup;McAfee Application Installer Cleanup (0090971311724515);c:\docume~1\compaq~1\locals~1\temp\009097~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\compaq~1\locals~1\temp\009097~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
    S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
    S3 a2acc;a2acc;\??\c:\program files\mamutu\a2accx86.sys --> c:\program files\mamutu\a2accx86.sys [?]
    S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-10-14 2560]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 135664]
    S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2010-5-18 53921]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\25.tmp --> c:\windows\system32\25.tmp [?]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    .
    =============== File Associations ===============
    .
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-12-07 23:24:16 -------- d-----w- c:\documents and settings\compaq_owner\application data\VoodooShield
    2011-12-07 23:24:12 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\VoodooShield
    2011-12-04 06:49:25 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\ToolwizCareFree
    2011-12-04 06:49:24 -------- d-----w- c:\program files\ToolwizCareFree
    2011-12-02 05:28:37 -------- dc-h--w- c:\documents and settings\all users\application data\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}
    2011-11-21 08:06:06 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2011-11-21 08:05:34 -------- d-----w- c:\program files\common files\xing shared
    2011-11-21 08:04:57 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-11-21 08:04:17 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-11-20 09:12:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-20 09:12:25 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-20 08:53:08 -------- d-----w- c:\program files\Returnil
    2011-11-20 06:04:42 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2011-11-20 06:04:42 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2011-11-20 06:04:36 110992 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
    2011-11-20 06:04:31 147856 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
    2011-11-20 06:02:14 -------- d-----w- c:\program files\Kaspersky Lab
    2011-11-20 06:02:13 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2011-11-15 04:01:05 -------- d-----w- c:\documents and settings\compaq_owner\application data\SUPERAntiSpyware.com
    2011-11-15 03:59:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-15 00:23:41 -------- d-----w- c:\program files\common files\Filseclab
    .
    ==================== Find3M ====================
    .
    2011-12-08 04:54:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-08 04:33:05 141272 ----a-w- c:\windows\system32\WRusr.dll
    2011-12-08 04:33:05 107336 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2011-11-21 21:56:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 08:03:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-21 08:03:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-10-26 18:55:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-10-24 03:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 03:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-04 00:01:30 61440 ----a-w- c:\windows\system32\CleanMem.exe
    2011-10-02 15:50:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-02 15:45:22 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 00:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 00:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 00:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-14 13:58:10 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
    2004-10-01 05:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 18:00:00.35 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/06/2007 12:19:26 PM
    System Uptime: 8/12/2011 5:48:06 PM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2 | 1803/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 74.881 GiB free.
    D: is FIXED (FAT32) - 13 GiB total, 7.257 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP18: 19/08/2011 5:01:55 PM - System Checkpoint
    RP19: 20/08/2011 5:44:36 PM - Software Distribution Service 3.0
    RP20: 24/08/2011 6:16:05 PM - System Checkpoint
    RP21: 25/08/2011 5:52:24 AM - Software Distribution Service 3.0
    RP22: 26/08/2011 8:34:13 PM - System Checkpoint
    RP23: 28/08/2011 12:51:02 PM - System Checkpoint
    RP24: 29/08/2011 3:52:31 PM - System Checkpoint
    RP25: 30/08/2011 5:11:10 PM - System Checkpoint
    RP26: 4/09/2011 9:58:26 AM - before traffic light
    RP27: 5/09/2011 4:22:17 PM - System Checkpoint
    RP28: 7/09/2011 12:59:38 PM - Software Distribution Service 3.0
    RP29: 7/09/2011 4:31:57 PM - Installed Java(TM) 7
    RP30: 11/09/2011 3:55:30 PM - System Checkpoint
    RP31: 12/09/2011 4:20:49 PM - System Checkpoint
    RP32: 14/09/2011 12:02:14 PM - System Checkpoint
    RP33: 14/09/2011 12:12:39 PM - Removed ESET Smart Security
    RP34: 14/09/2011 1:06:26 PM - Installed ESET Smart Security
    RP35: 14/09/2011 1:22:14 PM - Software Distribution Service 3.0
    RP36: 14/09/2011 1:58:37 PM - Software Distribution Service 3.0
    RP37: 14/09/2011 6:58:24 PM - Installed Browser Guard v3.0
    RP38: 14/09/2011 7:00:45 PM - Installed Trend Micro Web Protection Add-On
    RP39: 14/09/2011 7:33:50 PM - Removed Trend Micro Web Protection Add-On
    RP40: 15/09/2011 2:59:44 PM - Removed HPSU306Stub
    RP41: 15/09/2011 2:59:58 PM - Removed HP Software Update
    RP42: 15/09/2011 3:00:23 PM - Installed HP Update.
    RP43: 15/09/2011 3:07:17 PM - Installed HP Product Assistant
    RP44: 15/09/2011 6:19:32 PM - Installed Adobe Shockwave Player 11.6.
    RP45: 18/09/2011 3:56:35 PM - Installed G Data CloudSecurity.
    RP46: 19/09/2011 7:08:25 AM - before peerblock
    RP47: 20/09/2011 2:14:41 PM - System Checkpoint
    RP48: 28/09/2011 5:59:50 PM - Software Distribution Service 3.0
    RP49: 9/10/2011 3:36:05 PM - System Checkpoint
    RP50: 9/10/2011 9:40:26 PM - before kingsoft
    RP51: 10/10/2011 1:32:42 PM - before ccleaner
    RP52: 10/10/2011 5:34:02 PM - Installed Windows XP KB955704.
    RP53: 10/10/2011 5:35:24 PM - Installed Windows XP KB953155.
    RP54: 10/10/2011 5:36:42 PM - Installed Windows XP KB932716-v2.
    RP55: 10/10/2011 5:37:54 PM - Installed Windows XP KB951830.
    RP56: 10/10/2011 7:29:53 PM - before bufferzone
    RP57: 10/10/2011 8:07:28 PM - Installed BufferZone
    RP58: 12/10/2011 9:30:40 AM - System Checkpoint
    RP59: 13/10/2011 5:52:46 PM - Software Distribution Service 3.0
    RP60: 14/10/2011 3:43:49 PM - before cleanmem
    RP61: 18/10/2011 10:09:16 PM - before panda usb vaccine
    RP62: 23/10/2011 6:58:49 PM - Revo Uninstaller's restore point - BitDefender TrafficLight
    RP63: 26/10/2011 9:07:05 AM - Installed Java(TM) 7 Update 1
    RP64: 26/10/2011 9:16:34 AM - Removed Java(TM) 6 Update 26
    RP65: 26/10/2011 9:17:48 AM - Installed Java(TM) 6 Update 29
    RP66: 26/10/2011 6:02:26 PM - before bo clean comodo
    RP67: 27/10/2011 5:34:53 AM - Removed ESET Smart Security
    RP68: 27/10/2011 8:17:48 AM - before zone alarm repair
    RP69: 3/11/2011 3:20:37 PM - System Checkpoint
    RP70: 6/11/2011 12:22:11 AM - System Checkpoint
    RP71: 7/11/2011 10:22:55 PM - Installed Returnil System Safe 2011
    RP72: 7/11/2011 10:46:45 PM - IObit Uninstaller restore point
    RP73: 7/11/2011 10:53:32 PM - IObit Uninstaller restore point
    RP74: 7/11/2011 10:55:04 PM - Removed BufferZone
    RP75: 7/11/2011 11:00:10 PM - IObit Uninstaller restore point
    RP76: 7/11/2011 11:00:41 PM - Removed Browser Guard v3.0
    RP77: 7/11/2011 11:02:13 PM - IObit Uninstaller restore point
    RP78: 7/11/2011 11:02:29 PM - Removed G Data CloudSecurity.
    RP79: 7/11/2011 11:05:45 PM - IObit Uninstaller restore point
    RP80: 7/11/2011 11:19:47 PM - IObit Uninstaller restore point
    RP81: 7/11/2011 11:56:01 PM - Removed Returnil System Safe 2011
    RP82: 8/11/2011 12:09:33 AM - Installed Returnil System Safe 2011
    RP83: 8/11/2011 12:16:12 AM - Installed Returnil System Safe 2011
    RP84: 10/11/2011 8:36:46 AM - Software Distribution Service 3.0
    RP85: 11/11/2011 6:40:06 AM - Software Distribution Service 3.0
    RP86: 14/11/2011 3:47:23 PM - System Checkpoint
    RP87: 15/11/2011 11:03:18 AM - before twister av
    RP88: 15/11/2011 11:21:30 AM - Installed Twister Anti-TrojanVirus
    RP89: 15/11/2011 1:14:26 PM - Revo Uninstaller's restore point - Twister Anti-TrojanVirus
    RP90: 15/11/2011 1:15:04 PM - Removed Twister Anti-TrojanVirus
    RP91: 16/11/2011 9:23:24 PM - System Checkpoint
    RP92: 20/11/2011 12:46:23 PM - Removed Returnil System Safe 2011
    RP93: 20/11/2011 12:52:40 PM - Installed Returnil System Safe 2011
    RP94: 20/11/2011 1:36:26 PM - Removed Returnil System Safe 2011
    RP95: 20/11/2011 5:02:01 PM - Installed Kaspersky Internet Security 2012.
    RP96: 20/11/2011 7:53:01 PM - Installed Returnil System Safe 2011
    RP97: 20/11/2011 8:11:18 PM - Restore Operation
    RP98: 24/11/2011 12:56:43 PM - System Checkpoint
    RP99: 26/11/2011 4:17:19 PM - before threat fire
    RP100: 6/12/2011 7:02:24 PM - System Checkpoint
    RP101: 8/12/2011 10:17:20 AM - before voodoo shield
    RP102: 8/12/2011 10:38:28 AM - Revo Uninstaller's restore point - VoodooShield version 0.88 Beta
    .
    ==== Installed Programs ======================
    .
    6200
    6200_Help
    6200Trb
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Advanced SystemCare 4
    AiO_Scan
    AiOSoftware
    AntiLogger
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bandoo
    Belarc Advisor 8.2
    Bing Bar
    Bonjour
    BufferChm
    CCleaner
    CleanMem
    CNET TechTracker
    Copy
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    Director
    DocProc
    DocumentViewer
    ERUNT 1.1j
    ESET Online Scanner v3
    Fax
    FileHippo.com Update Checker
    FullDPAppQFolder
    Game Booster 3
    Ghostery IE Plugin
    Glary Utilities 2.35.0.1216
    Google Apps
    Google Chrome
    Google Earth
    Google Quick Search Box
    Google Talk Plugin
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Graboid Video 2.2
    High Definition Audio Driver Package - KB888111
    HiJackThis
    HijackThis 2.0.2
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB951830)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP DVD Play 2.1
    HP Extended Capabilities 4.7
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    HPSystemDiagnostics
    IncrediMail
    IncrediMail 2.0
    InstantShare
    InstantShareAlert
    InstantShareDevices
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 1
    Junk Mail filter update
    Kaspersky Internet Security 2012
    KeyScrambler
    LightScribe 1.4.105.1
    Macro Vibration Joystick
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (3.1.16)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NETGEAR WG111v2 wireless USB 2.0 adapter
    NVIDIA Control Panel 266.58
    NVIDIA Drivers
    NVIDIA Graphics Driver 266.58
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    ooVoo
    Opera 11.60
    OptionalContentQFolder
    Panda USB Vaccine 1.0.1.4
    PanoStandAlone
    PC Tune-Up
    PeerBlock 1.1 (r518)
    Photo Notifier and Animation Creator
    PhotoGallery
    Picasa 3
    PKR
    PokerStars
    ProductContext
    QuickTime
    RandMap
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Registry Mechanic 8.0
    Revo Uninstaller 1.93
    runtime
    Scan
    ScannerCopy
    SeaMonkey (2.5)
    Secunia PSI (2.0.0.3003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SkinsHP1
    Skype Click to Call
    Skype™ 5.5
    SlideShow
    SlideShowMusic
    Smart Defrag 2
    Sonic Express Labeler
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Sony Picture Utility
    Sony USB Driver
    Speccy
    SUPERAntiSpyware
    swMSM
    Toolwiz Care
    TrayApp
    Trend Micro RUBotted 2.0 Beta
    Unity Web Player
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955704)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.1
    VS10Runtime
    WebFldrs XP
    WebReg
    Webroot SecureAnywhere
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    winpcap-nmap 4.11
    WinPcap 4.1.1
    WOT for Internet Explorer
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Install Manager
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo!7 Toolbar
    ZapShares 3.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/12/2011 5:50:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif_bs Partizan SBRE
    8/12/2011 5:36:16 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
    8/12/2011 5:35:09 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ==========================


    And warning from Kaspersky:



    Type: vulnerability (1)
    http://redirect.kaspersky.com/?hl=en&target=securelist&rpe=1&function=advisories&VN=46757 Inactive 8/12/2011 2:30:24 PM
    Type: legal software that can be used by criminals for damaging your computer or personal data (1)
    PDM.Trojan.generic Inactive 8/12/2011 3:33:01 PM




    GMER log to follow.
     
  2. ron739

    ron739 Thread Starter

    Here is the GMER log.



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-08 21:37:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b ST3160815AS rev.4.CCC
    Running: qvmnik6o.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgliafod.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF2C8FFBA]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAllocateVirtualMemory [0xF73F95E0]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0xF73F9790]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF2C908B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF2CA9AEE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF2C90E26]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateFile [0xF2914444]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF2C90D14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF2CA9E06]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xF2C91056]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xF2C9121E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF2C8FD76]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF2C90F3E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF2CAB110]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateThread [0xF2913C46]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF2CA9ECE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF2C9153C]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteKey [0xF2914232]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteValueKey [0xF2914104]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeviceIoControlFile [0xF291499E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF2C9253C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF2CA5088]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF2CA5A38]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwLoadDriver [0xF2913A7C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF2CA4BC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF2CA4E1C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF2CAB130]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF2CA830A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF2C90EB8]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenFile [0xF291472A]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenKey [0xF29143FE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF2C90DA0]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenProcess [0xF2913D6A]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenSection [0xF2913ED0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF2C90FD0]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenThread [0xF2913E1A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xF2CAB120]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwProtectVirtualMemory [0xF29148C0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF2CA3EB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF2CA5698]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xF2CA8500]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF2C91EC0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF2CA5488]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwQueueApcThread [0xF2913CF8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF2CA4198]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF2CA480C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF2CAA048]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF2CA9F96]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF2CAA0B4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF2CA4A14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF2C923DE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF2CA433E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xF2CA44D4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xF2CA4670]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSecureConnectPort [0xF2914858]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetContextThread [0xF29137AE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF2C913E8]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetSystemInformation [0xF2913BD8]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetValueKey [0xF29142FE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF2C92104]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF2C9223E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF2C9145E]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwTerminateProcess [0xF2913FEA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF2C902EA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF2C91D78]
    SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwWriteVirtualMemory [0xF291369A]
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP F2C829F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP F2C82DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 243C 80501C74 12 Bytes [06, 9E, CA, F2, 56, 10, C9, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 244C 80501C84 16 Bytes [76, FD, C8, F2, 3E, 0F, C9, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2684 80501EBC 16 Bytes [98, 41, CA, F2, 0C, 48, CA, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 26BC 80501EF4 20 Bytes [DE, 23, C9, F2, 3E, 43, CA, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 271C 80501F54 4 Bytes CALL 9542E86C
    .text ...
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C203A0, 0x5FE082, 0xE8000020]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006F30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DFE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017B40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017BB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DDF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016D60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017C10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006F10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017DA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10006FB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10006F90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D950 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016D30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017CE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017C80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016EC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017D40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006E90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006EF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DE60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000E020 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DEA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006F50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10006F70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10016F50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D9D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006ED0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017E70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000E060 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006E00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006E20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D920 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017370 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 100172B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 10017240 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 100174C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 10017030 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000DA60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 10017320 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000DA10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017150 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DB80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 100170B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 100171F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DB20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 10016FF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000DAA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 10017100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016C90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017550 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 100175E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DAE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10017070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017460 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 100173C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 100171A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012E60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016B60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 100169B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D7A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D860 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 10016920 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 10012FF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017880 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 100176A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 10017640 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 10017700 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100177C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10013070 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DCF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017A30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10017990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017770 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DD70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DDB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DD30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 1000E140 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 1000E1E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program files\ToolwizCareFree\ToolwizCares.exe[728] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 1000E180 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1544] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
    .text C:\program files\real\realplayer\update\realsched.exe[1572] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\WINDOWS\Explorer.EXE[1992] SHLWAPI.dll!SHIsLowMemoryMachine + 6E02 77FBDD0B 5 Bytes JMP 10012C40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2340] USER32.dll!AlignRects 7E412A78 4 Bytes [E0, 13, 54, 67]
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] C:\WINDOWS\system32\cewmdm.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] Free
    Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] WMDMCESP.WMDMCESP.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{BB791C78-91E0-DB32-3A99-5EA102B313A3}\[email protected] WMDMCESP.WMDMCESP
    ---- EOF - GMER 1.0.15 ----
     
Short URL to this thread: https://techguy.org/1030266
