Thcbytes,
Thank you for taking the time to help me with this problem; it is much appreciated.
I have followed your instructions and now the computer seems, on the face of it, to be running back to normal. It has not redirected, frozen or been operating slowly, although I have not spent too much time using it yet. Hopefully it is OK now.
I have included the logs as requested.
ComboFix 10-05-05.0D - David 06/05/2010 22:30:12.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.115 [GMT 1:00]
Running from: c:\documents and settings\David.HOME-11D0F07C01\Desktop\thcbytes.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-329068152-920026266-682003330-1004
c:\recycler\S-1-5-21-329068152-920026266-682003330-1005
c:\recycler\S-1-5-21-329068152-920026266-682003330-1006
c:\recycler\S-1-5-21-329068152-920026266-682003330-1007
Infected copy of c:\windows\system32\drivers\uagp35.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-04-19 20:40 . 2010-04-19 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-12 21:24 . 2010-04-12 21:24 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-12 21:24 . 2010-04-12 21:24 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-12 21:24 . 2010-04-12 21:24 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-12 20:42 . 2010-04-12 20:42 -------- d-----w- c:\program files\Enigma Software Group
2010-04-12 18:57 . 2010-04-12 18:59 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-04-11 11:25 . 2010-04-11 11:25 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 22:00 . 2008-08-13 20:06 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-05-05 16:57 . 2008-08-13 20:07 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 16:57 . 2008-08-13 20:07 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-04 16:15 . 2007-12-17 21:37 18696 ----a-w- c:\documents and settings\David.HOME-11D0F07C01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 18:52 . 2009-09-26 11:31 -------- d-----w- c:\program files\E111 MediaKit
2010-04-27 23:06 . 2007-12-17 21:17 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys
2010-04-25 11:51 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-25 09:46 . 2010-04-17 14:49 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-20 19:14 . 2008-03-26 19:29 -------- d-----w- c:\documents and settings\David.HOME-11D0F07C01\Application Data\Samsung
2010-04-20 19:14 . 2006-04-04 20:27 -------- d-----w- c:\program files\Samsung
2010-04-20 18:23 . 2009-07-24 13:12 -------- d-----w- c:\program files\PC Connectivity Solution
2010-04-19 20:40 . 2008-08-13 20:06 4888 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-19 20:40 . 2008-08-13 20:06 4146720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-19 20:40 . 2008-08-13 20:06 33476 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-19 20:40 . 2008-08-13 20:06 1114144 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-04-19 20:39 . 2010-04-19 20:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Trusteer
2010-04-19 20:37 . 2007-12-17 21:17 44672 ----a-w- c:\windows\system32\drivers\uagp35(4).sys
2010-04-19 20:37 . 2007-12-17 21:17 44672 ----a-w- c:\windows\system32\drivers\uagp35(3).sys
2010-04-19 20:37 . 2007-12-17 21:17 44672 ----a-w- c:\windows\system32\drivers\uagp35(2).sys
2010-04-19 20:36 . 2005-03-16 10:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-19 20:36 . 2010-04-19 20:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-19 20:35 . 2009-12-26 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-19 17:43 . 2009-09-18 11:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Motive
2010-04-17 14:49 . 2010-04-17 14:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
2010-04-16 06:52 . 2010-04-16 06:52 -------- d-----w- c:\documents and settings\Lesley.HOME-11D0F07C01\Application Data\Trusteer
2010-04-15 21:15 . 2010-04-15 21:15 -------- d-----w- c:\documents and settings\David.HOME-11D0F07C01\Application Data\Trusteer
2010-04-15 21:15 . 2010-04-15 21:15 -------- d-----w- c:\program files\Trusteer
2010-04-15 21:13 . 2010-04-15 21:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer
2010-04-15 08:51 . 2009-08-14 17:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-12 19:22 . 2010-04-12 19:22 932368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-12 19:22 . 2010-04-12 19:22 678416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-12 19:22 . 2010-04-12 19:22 604688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-12 19:22 . 2010-04-12 19:22 1096208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-12 19:22 . 2010-04-12 19:22 522768 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-12 16:20 . 2010-04-12 16:20 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-12 16:19 . 2010-04-12 16:19 80400 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-12 15:39 . 2008-08-13 20:06 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-12 15:34 . 2008-08-13 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2010-04-11 13:02 . 2010-01-02 13:46 5918776 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-01 17:59 . 2010-04-01 17:59 0 ----a-w- c:\windows\mfont.dat
2010-03-29 23:46 . 2009-12-26 13:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-12-26 13:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 23:12 . 2009-07-22 08:20 -------- d-----w- c:\documents and settings\David.HOME-11D0F07C01\Application Data\FrostWire
2010-03-25 22:50 . 2010-03-25 22:50 -------- d-----w- c:\documents and settings\David.HOME-11D0F07C01\Application Data\TrueCommerce
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 21:15 . 2007-09-29 10:42 -------- d-----w- c:\program files\Java
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-02-28 11:17 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2005-07-05 20:20 . 2005-07-05 20:20 1639 ----a-w- c:\program files\uninstal.log
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-10-29 716800]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Window Cleaner Pro\\Window Cleaner Pro.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 36880]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [23/03/2010 16:39 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [23/03/2010 16:39 125160]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [23/03/2010 16:39 779496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 18:06 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 17:00 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24/07/2009 14:16 36608]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13A.tmp --> c:\windows\system32\13A.tmp [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24/07/2009 14:16 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24/07/2009 14:16 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24/07/2009 14:16 121856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:00]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:00]
2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{3A0520B5-4953-4197-80E0-D19B58F4A412}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify...t.yahoo.com/%3f
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
SafeBoot-klmdb.sys
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-ares vista - c:\program files\Ares Vista\AresVista.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 23:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\13A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-06 23:10:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 22:10
Pre-Run: 20,842,147,840 bytes free
Post-Run: 22,774,939,648 bytes free
- - End Of File - - 43E1CC7F04D10182FFD9EB5505200921
OTL logfile created on: 06/05/2010 23:17:54 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David.HOME-11D0F07C01\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 21.27 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-11D0F07C01
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/05/06 23:14:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\OTL.exe
PRC - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/09/14 17:56:46 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/15 14:49:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/03/03 14:18:10 | 000,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2004/01/26 12:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
========== Modules (SafeList) ==========
MOD - [2010/05/06 23:14:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\OTL.exe
MOD - [2009/09/14 17:56:44 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/23 16:39:26 | 000,125,160 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/03/23 16:39:26 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/11 16:35:34 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/03/13 19:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/01/15 22:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/30 02:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 02:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&a...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...t.yahoo.com/%3f
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/04/19 21:35:45 | 000,000,000 | ---D | M]
[2009/01/13 15:12:48 | 000,000,372 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\INSTALL.LOG
[2008/11/20 15:36:48 | 000,002,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\orange-os.xml
O1 HOSTS File: ([2010/04/12 21:43:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (Orange Toolbar) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer255.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Search with Wanadoo - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\David.HOME-11D0F07C01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David.HOME-11D0F07C01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/15 17:25:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/17 22:26:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26819141-E9EA-4B89-8FEF-0E875E3AC120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/05/06 23:14:45 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\OTL.exe
[2010/05/06 22:05:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/27 20:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\gmer
[2010/04/25 11:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\tdsskiller
[2010/04/19 21:36:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/04/19 21:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/17 15:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/04/15 22:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Trusteer
[2010/04/15 22:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/04/15 22:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer
[2010/04/14 10:13:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/14 10:03:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/14 10:03:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/14 10:03:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/14 10:03:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/14 10:02:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/13 08:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\tdsskiller
[2010/04/12 22:24:34 | 000,053,088 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/12 22:24:34 | 000,030,280 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/12 22:24:33 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/12 21:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/05/06 23:19:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 23:14:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\OTL.exe
[2010/05/06 23:12:22 | 000,031,911 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\combofix.text
[2010/05/06 23:01:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3A0520B5-4953-4197-80E0-D19B58F4A412}.job
[2010/05/06 23:00:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 22:59:51 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 22:58:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 22:58:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 22:58:42 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 22:56:59 | 003,149,824 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\ntuser.dat
[2010/05/06 22:56:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\ntuser.ini
[2010/05/06 22:26:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 22:17:15 | 003,683,491 | R--- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\thcbytes.exe
[2010/05/06 22:10:56 | 000,040,500 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\Orange UK Home Page.url
[2010/05/06 22:01:05 | 000,893,214 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\thcbytes1.exe
[2010/05/05 18:03:07 | 005,369,782 | -H-- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Local Settings\Application Data\IconCache.db
[2010/05/05 17:57:22 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 17:57:21 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/04 17:32:27 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\dds.scr
[2010/05/04 17:15:01 | 000,018,696 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/29 20:25:58 | 000,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 21:02:13 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/28 21:02:13 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/28 00:06:46 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2010/04/27 20:45:02 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\gmer.zip
[2010/04/27 20:31:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\defogger_reenable
[2010/04/27 20:29:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\Defogger.exe
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 11:47:28 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\tdsskiller.zip
[2010/04/25 10:46:00 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/22 20:41:55 | 000,016,016 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100422.db
[2010/04/20 20:10:31 | 000,015,232 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100420.db
[2010/04/19 21:40:37 | 004,146,720 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/04/19 21:40:37 | 001,114,144 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/04/19 21:40:37 | 000,033,476 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/04/19 21:40:37 | 000,004,888 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/04/19 21:37:34 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35(4).sys
[2010/04/19 21:37:31 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35(3).sys
[2010/04/19 21:37:09 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35(2).sys
[2010/04/19 21:29:32 | 000,716,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 21:29:32 | 000,179,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 18:44:02 | 000,013,328 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100419.db
[2010/04/19 18:40:03 | 000,002,614 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/17 14:36:28 | 000,013,168 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100417.db
[2010/04/15 22:06:19 | 000,012,864 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100415.db
[2010/04/15 11:46:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 09:51:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/14 23:15:58 | 000,012,672 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100414.db
[2010/04/13 16:29:01 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/04/13 08:44:22 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\tdsskiller.zip
[2010/04/12 22:24:34 | 000,053,088 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/04/12 22:24:34 | 000,030,280 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/04/12 22:24:33 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/04/12 22:23:48 | 000,000,054 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/12 17:13:13 | 000,012,528 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100412.db
[2010/04/10 19:59:47 | 000,012,496 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100410.db
[2010/04/08 10:04:24 | 000,011,648 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100408.db
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/06 23:12:21 | 000,031,911 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\combofix.text
[2010/05/06 22:16:55 | 003,683,491 | R--- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\thcbytes.exe
[2010/05/06 22:00:51 | 000,893,214 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\thcbytes1.exe
[2010/04/27 20:45:01 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\gmer.zip
[2010/04/27 20:33:07 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\dds.scr
[2010/04/27 20:31:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\defogger_reenable
[2010/04/27 20:29:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\Defogger.exe
[2010/04/25 15:52:29 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/25 15:52:29 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010/04/25 11:47:22 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Desktop\tdsskiller.zip
[2010/04/22 20:41:55 | 000,016,016 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100422.db
[2010/04/20 20:10:31 | 000,015,232 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100420.db
[2010/04/19 21:14:35 | 003,149,824 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\ntuser.dat
[2010/04/19 18:44:01 | 000,013,328 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100419.db
[2010/04/17 15:49:41 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/17 14:36:27 | 000,013,168 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100417.db
[2010/04/15 22:06:19 | 000,012,864 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100415.db
[2010/04/14 23:15:58 | 000,012,672 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100414.db
[2010/04/14 10:13:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/14 10:13:10 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/14 10:03:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/14 10:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/14 10:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/14 10:03:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/14 10:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/14 09:57:11 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3A0520B5-4953-4197-80E0-D19B58F4A412}.job
[2010/04/13 16:27:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/04/13 16:15:54 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 08:44:16 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\tdsskiller.zip
[2010/04/12 22:23:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/12 17:13:13 | 000,012,528 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100412.db
[2010/04/10 19:59:46 | 000,012,496 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100410.db
[2010/04/08 10:04:24 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\David.HOME-11D0F07C01\My Documents\wcp.data.20100408.db
[2010/04/01 18:52:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/09/18 12:53:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/07/24 14:16:15 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/24 14:16:15 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/06/05 14:09:46 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/03/26 19:52:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/19 10:48:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/18 11:06:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/17 22:39:05 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
========== LOP Check ==========
[2008/12/26 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\212E
[2010/04/17 15:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2009/07/24 16:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2010/04/15 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer
[2009/11/15 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/08 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/27 00:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\FrostWire
[2008/07/17 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\GARMIN
[2009/07/24 15:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\PC Suite
[2010/04/20 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Samsung
[2010/03/25 23:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\TrueCommerce
[2010/04/15 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Trusteer
[2010/05/06 23:01:26 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3A0520B5-4953-4197-80E0-D19B58F4A412}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2008/12/26 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\212E
[2010/04/19 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2007/12/19 13:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/05/26 14:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2009/01/11 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2009/12/02 17:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
[2010/04/17 15:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2007/12/19 10:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2010/05/06 23:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
[2010/04/12 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
[2009/12/26 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2008/08/13 21:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2009/10/29 10:49:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2010/04/19 18:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
[2009/11/11 22:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2009/07/24 16:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2008/08/13 21:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
[2007/12/19 10:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
[2010/04/15 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer
[2008/01/01 15:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/09/18 13:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/11/15 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/08 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/29 17:44:02 | 000,070,992 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe
[2009/11/14 14:06:34 | 000,059,992 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
[2010/04/11 14:02:54 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/09/21 18:22:37 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
< %APPDATA%\*. >
[2007/12/28 14:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Adobe
[2009/11/17 20:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Apple Computer
[2010/03/27 00:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\FrostWire
[2008/07/17 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\GARMIN
[2008/06/19 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Google
[2007/12/19 10:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\HP
[2007/12/17 22:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Identities
[2007/12/20 13:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Macromedia
[2009/12/26 14:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Malwarebytes
[2008/08/13 21:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\McAfee
[2010/04/19 21:18:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Microsoft
[2009/09/18 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Motive
[2009/07/24 15:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\PC Suite
[2010/04/20 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Samsung
[2009/01/05 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Sun
[2010/03/25 23:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\TrueCommerce
[2010/04/15 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\Trusteer
< %APPDATA%\*.exe /s >
[2009/07/22 09:54:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David.HOME-11D0F07C01\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
< %SYSTEMDRIVE%\*.exe >
[2005/03/16 11:19:10 | 000,533,904 | ---- | M] (Adobe Systems) -- C:\psa2011se_DLM_us_full.exe
< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2010/04/25 12:51:09 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2010/04/25 12:51:09 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: UAGP35.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:uagp35.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:uagp35.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:uagp35.sys
[2008/09/10 10:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:uagp35.sys
[2004/08/04 00:07:44 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=49C805D42D75EDDC9B6A7130999C9054 -- C:\WINDOWS\$NtServicePackUninstall$\uagp35.sys
[2004/08/04 00:07:44 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=49C805D42D75EDDC9B6A7130999C9054 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\UAGP35.SYS
[2008/04/13 19:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\ServicePackFiles\i386\uagp35.sys
[2008/04/13 19:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\uagp35.sys
[2010/04/28 00:06:46 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\system32\dllcache\uagp35.sys
[2010/04/28 00:06:46 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\system32\drivers\uagp35.sys
< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/12/17 22:11:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/17 22:11:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/17 22:11:10 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
OTL Extras logfile created on: 06/05/2010 23:17:54 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\David.HOME-11D0F07C01\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.28 Gb Total Space | 21.27 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-11D0F07C01
Current User Name: David
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Window Cleaner Pro\Window Cleaner Pro.exe" = C:\Window Cleaner Pro\Window Cleaner Pro.exe:*:Enabled:Window Cleaner Pro -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{256AEBD0-41C6-471E-92B4-B256F5176A72}" = D7100
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A8F35061-B012-4995-A926-E223AB3FFA0C}" = MusicFileMaster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrangeToolbarUK" = Orange Toolbar
"Rapport_msi" = Rapport
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wanadoo" = Wanadoo Search Toolbar
"Window Cleaner Pro 2.3.7" = Window Cleaner Pro 2.3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06/05/2010 17:03:26 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:03:31 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:03:31 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:03:32 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:03:32 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:10:38 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 06/05/2010 17:10:38 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:10:39 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:10:39 | Computer Name = HOME-11D0F07C01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 06/05/2010 17:21:24 | Computer Name = HOME-11D0F07C01 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.
[ System Events ]
Error - 04/05/2010 12:12:27 | Computer Name = HOME-11D0F07C01 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 04/05/2010 12:27:12 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 04/05/2010 12:27:12 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 04/05/2010 12:29:44 | Computer Name = HOME-11D0F07C01 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 05/05/2010 12:36:42 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 05/05/2010 12:36:42 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 06/05/2010 16:05:38 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 06/05/2010 16:05:38 | Computer Name = HOME-11D0F07C01 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 06/05/2010 16:22:55 | Computer Name = HOME-11D0F07C01 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 06/05/2010 17:59:05 | Computer Name = HOME-11D0F07C01 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 07:43:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DAVID~1.HOM\LOCALS~1\Temp\kgryqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF638158C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF507AD92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF6381E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF6382922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF6382E94]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF507B49E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF6380436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF6382D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF6381192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF6382C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF638134E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF6382FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF6384C08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF6381AAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF6382CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF63845FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF507B5EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xF507ED58]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xF507ED8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF6382576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF63855CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF6380ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF6380F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF6382382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF638468C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF6380412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF6380424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF6384CBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF63810C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF6382F36]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF507B54E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF63805DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF6382E04]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xF507AED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF6384C32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF6383068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xF507B0C8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF507B1FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF638101E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF6380C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF6384FD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF507EE62]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF6384922]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF507EDCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF507EDFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF63833F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF63832B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF638439A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF507EE30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF63854AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF6380248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF638265C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF507AD40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF507B64A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF6383C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF6384786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF6385114]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xF507ECF0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF63851F8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF507ACE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF6384526]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF507AC40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF507AC88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF6384E8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF63819EA]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes [4E, 13, 38, F6, C6, 2F, 38, ...]
.text ntoskrnl.exe!_abnormal_termination + 144 804E27B0 8 Bytes JMP 58F507B5
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [8C, 46, 38, F6, 12, 04, 38, ...] {MOV WORD [ESI+0x38], ES; NOT BYTE [EDX]; ADD AL, 0x38; MUL BYTE [ESP+EAX]; CMP DH, DH}
.text ntoskrnl.exe!_abnormal_termination + 34C 804E29B8 16 Bytes [CC, ED, 07, F5, FE, ED, 07, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [F8, 51, 38, F6, E4, AC, 07, ...]
.text ...
? Combo-Fix.sys The system cannot find the file specified. !
? C:\thcbytes\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1380] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00412220 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716C000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1380] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 00444C80 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1380] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1380] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1920] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1920] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1920] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2188] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2292] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2292] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2292] USER32.dll!AlignRects + FFFA5598 7E412A78 4 Bytes [70, 11, 33, 6D]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5572] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- EOF - GMER 1.0.15 ----